Cyberthreat Update: Efficiency Versus Security
Stage set for the Cyber Education, Research and Training Symposium
Col. Andrew O. Hall, USA, director, Army Cyber Institute, opened AFCEA’s first Cyber Education, Research and Training Symposium (CERTS) with a cyberthreat update.
“How can we make security effective and intuitive, yet usable?” Col. Hall asked attendees at the sold out conference. “Efficiency is an area of weakness and easy to hack,” he added. But it’s necessary to perform missions.
The emerging threats to cybersecurity are growing. Col. Hall focused on the global supply chain, artificial intelligence (AI) weapons factories, information warfare and critical infrastructure.
“The entire supply chain is something you need to look at. We are seeing companies and subcontractors end up with a very vast supply chain because in order to do things you need to do a lot of outsourcing,” he said.
Do you know where your router and software are coming from? “There’s been concerns with telecom gear and that these companies can’t separate from the Chinese government,” stressed Col. Hall. Access to the Internet could be comprised with bad routers.
One of the biggest issues right now with surveillance on the Internet is the huge amount of information on the web. “Social media is also giving people points of vulnerability and more opportunities for our enemies to find weaknesses,” noted the colonel. “Every person that works for an organization could be a risk.”
Insider threats are not a new problem but people are able to hoard data now. It’s not just a problem for industry either. Academia needs to find a better way to secure intellectual property. “What people have access to is what they can steal,” said Col. Hall.
Col. Hall cited the Yahoo email, Dropbox and LinkedIn hacks to show the risks in the cloud. As work in the cloud continues to grow, security is becoming more the responsibility of the customer, he said.
Silicon Valley is a great opportunity but also a vulnerability, the colonel added. Other countries are interested in working there because the way they do innovation is unique. “Not all of them have allegiance to the U.S. though; they have allegiance to the dollar,” offered Col. Hall. “The processors there will be another way to find vulnerabilities to keep ourselves safe.”
Critical infrastructure such as emergency services, financial institutions, hospitals and transportation will also need to be investigated. “When we look at warfighting, lately we’ve been thinking about doing it ‘over there’ but we need to start thinking about it ‘over here,’” he said. We are increasingly finding ways to automate elevators, heat pumps, etc., which is great for efficiency, but also opens up vulnerabilities.
A completely new threat is AI. Whereas in the past the Army would give orders for wartime destruction and could destroy enemy’s weapons factories, it is unknown where adversaries are building AI weapons today.
With cyberthreats changing daily, the role of the Army will need to evolve to help clients and taxpayers defend themselves against hackers, Col. Hall concluded.