U.S. Director of National Intelligence Lt. Gen. James R. Clapper, USAF (Ret.), recently testified in Congress that cyber attacks have become the greatest single threat facing the United States. He went on to say the threat is particularly acute for the nation’s critical infrastructure and reminded Congress that the majority of critical infrastructure in the United States is privately owned.
The European Union Internal Security Plan, written in 2011 and updated annually, makes the same assertion: cyber security has become the greatest vulnerability for the European Union and its member nations.
Cybersecurity has become so important because the range of threats includes recreational hackers, hacktivists, cyber criminals, terrorists, and state or state-sponsored actors. The targets include government networks, systems, applications and data as well as those of industry and private citizens. At the same time, the tools available to bad actors are diverse, sophisticated and inexpensive or free—and easy to obtain on the Internet.
If you have not visited a cyber laboratory recently, I encourage you to do so. Should you have doubted the seriousness of the threat, such a visit will make a believer of you. Many of AFCEA’s member companies have good laboratories; the iCollege at the National Defense University has a great set of laboratories specific to various types of systems; and the National Police Academy in Prague, Czech Republic, has done some amazing work in computer forensics that will open your eyes. In addition, the NATO Cyber Center of Excellence in Tallinn, Estonia, was developed to support a multinational approach to cybersecurity.
An awareness is growing that not all networks and systems can be protected against all threats all the time. As a result, classified and particularly sensitive data, as well as important intellectual property, are being identified and carefully protected. Significant attention is being given to resilience—the ability to work through and quickly recover from attacks when they are successful, as some attacks are sure to be. Administration policies and procedures are being improved to ensure that security gaps are identified and patched quickly. The majority of successful attacks can be tracked to an unpatched gap—most of which were known and for which patches were available but not applied.
Because the threat applies to government, industry and private systems, education is a key factor. Bad actors will attack the weakest targets. People with no protection on their systems often inadvertently lend them to botnets that strengthen the capabilities of the threat. Government and industry security is uneven. Best practices need to be shared better, education must be more effective and investments must be made where necessary.
AFCEA is involved in this effort in a number of ways. The AFCEA International Cyber Committee has done a good job bringing together government, industry and academia to explore issues across government and industry; conduct studies; and generate white papers that have received wide distribution. The Cyber Committee is our center of excellence in this area, available to the staff and to the regions and chapters as a resource for consultation and to recommend speakers for symposia on cyber. Many AFCEA chapters have been engaged heavily on cyber issues and have conducted cyber workshops and conferences. The Czech Chapter led an effort to bring together its Ministry of Defense and Ministry of Interior to work cyber in the Czech Republic in a whole-of-government manner.
AFCEA International presents its annual Cyber Symposium, “Defining Full Spectrum Global Cyberspace Operations,” late this month, June 25-27 at the Baltimore, Maryland, Convention Center. This symposium includes speakers from U.S. Cyber Command—including its commander, Gen. Keith Alexander, USA, who also is the director of the National Security Agency and of the Central Security Service—from the Defense Department (OSD, DISA, the Joint Staff and the military services), from the Justice Department, from the Department of Homeland Security, from key industry members and many more.
On July 30-31, at the National Press Club in Washington, D.C., AFCEA International will present its Global Intelligence Forum USA, “Defining the Role of Intelligence for Cyber Missions.” This forum will explore how the intelligence community has adjusted its priorities and processes to support the cyber community. This is a rare unclassified AFCEA intelligence program.
Looking overseas, later this year on September 11, AFCEA International will partner with Cityforum in London, England, to present a one-day forum on cyber policy and implementation on both sides of the Atlantic. This symposium will feature cyber policy makers and experts from both the United States and Europe.
All of you should participate in this broad range of activity that is critical to global security. October 2013 is National Cyber Security Awareness Month. AFCEA will have a number of activities at the international, regional and chapter levels to support this important awareness campaign. This will kick off an aggressive schedule of cyber programs for fiscal year 2014. If you have ideas to enhance the cyber program, please let me know. We are happy to partner in this vitally important area.