Cyberthreats Grow Unchecked
Be afraid, be very afraid, and hold government accountable.
The exponential growth of network connectivity, evidenced by cloud computing and the Internet of Things, has its counterpart in cyberthreats. These new capabilities will provide myriad opportunities for cybermarauders to wreak untold damage for profit or international gain. And, the government is falling further behind as it does not even meet the security criteria it recommends for the commercial sector.
A panel on the unclassified cyberthreat drew an overflow crowd at the AFCEA/INSA Intelligence and National Security Summit being held in Washington, D.C., September 9-10, 2015. Sean Kanuck, national intelligence officer for cyber issues, Office of the Director of National Intelligence (ODNI), set the tone for the session when he told the audience that continuous, ubiquitous intrusions already are having a negative cumulative effect on U.S. national security and economic competitiveness. “Just because the lights haven’t gone out for a week doesn’t mean the problem isn’t already upon us,” he pointed out.
Kanuck emphasized that no one should underestimate the impact cloud and mobile will have on everyone. The whole way we think about digital identity and the vulnerability surface area will be changing, he predicted.
Melissa Hathaway, president of Hathaway Global Strategies, noted that the ubiquitous global connectivity was built without an consideration given to security and resilience. She foresees the Internet destabilizing over the next few years, as both government and business activities on the Internet are eroding trust. Democracies and dictatorships alike are creating victims of their own citizens, she stated.
“Cybersecurity is not a technology problem; it’s an economic problem, a political problem and a social problem,” she continued. Hathaway also pointed out the U.S. government has told industry to meet minimum security standards that it is not doing itself, as evidenced by the recent Office of Personnel Management data theft. “It’s time we held government accountable,” she declared.
On that point, Kanuck said a true security architecture must be transparent, universal, enforceable and stable. It must be known publicly, which could serve as a deterrence, and its universal character need not be symmetric.
Hathaway said that there are only three truly critical infrastructure elements—telecommunications, power and financial. Sabotaging these could bring disastrous results. But Kanuck pointed out that these three infrastructure elements are held by the private sector, and according to the international rules of warfare, are legitimate military targets.