Cyberthreats No. 1 on US Threat Matrix
Thanks to public statements at several venues by top government security officials, and a Wednesday White House meeting between President Obama and CEO's, cyberthreats appear to be heading to the top of the administration's security agenda. That strategy doesn't just involve better protection for the nation's networks; it also involves more ways to retaliate against state-sponsored hackers.
03/13/13 3:12 PM PT
A busy week on the U.S. cybersecurity front is pointing toward a renewed emphasis on the nation's digital defenses, a shift underscored by Tuesday's Senate testimony from a top security official that ranked hackers and cyberattacks as greater threats to the country than Al Qaeda and terrorism.
"Right now the U.S. simply doesn't have a mature capability to detect and respond to cyberattacks," Tim Erlin, director of IT security and risk strategy at security vendor nCircle, told TechNewsWorld. "Part of the severity measurement for a threat has to be the capability to detect and respond to that threat."
The Week in Cybersecurity
The chain of events from the week that may indicate a change in strategy:
- National Security Advisor Thomas Donilon, during a speech to the Asia Society, mentioned the possibility of retaliation to the unprecedented scale of cyberintrusions emanating from China.
- In addition to his comments on cyberthreats vs. Al Qaeda, Director of National Intelligence James R. Clapper told the Senate Select Committee on Intelligence that Russia and China won't launch a devastating cyberattack against the U.S. outside of a military conflict that threatens their vital interests. Hackers or organized groups, however, could access some poorly protected American networks that control core functions such as power generation.
- Gen. Keith Alexander, head of the National Security Agency and the Pentagon's new U.S. Cyber Command, told the Senate Armed Services Committee that he's forming teams of programmers and computer experts who can carry out cyberattacks in retaliation for a major attack on U.S. networks.
- President Obama was scheduled to meet with CEOs at the White House Wednesday afternoon to discuss the latest digital threats. The President has repeatedly stated that the public and private sectors must work together to improve the nation's cybersecurity.
The Nature of the Cyberthreat
"The problem is not so much that cyberattacks are suddenly worse than they've been, but rather that cyber's relative standing as a threat continues to rise as Al Qaeda is further dismantled," Andrew Braunberg, a research director at information security research firm NSS Labs told TechNewsWorld.
The Obama administration has made cybersecurity a major focus and has launched several initiatives, including the U.S. International Strategy for Cyberspace and the Comprehensive National Cybersecurity Initiative, both announced in 2011. The Department of Defense also came up with a strategy for operating in cyberspace that same year .
The Defense Advanced Research Projects Agency (DARPA) is building a cyberwarfare proving ground, the National Cyber Range.
In February, President Obama issued an executive order to improve critical infrastructure cybersecurity, triggering opposition from the U.S. Chamber of Commerce, which argued that instituting new regulation is unnecessary. The Information Technology and Innovation Foundation and other organizations lobbied for Congress to pass a new cybersecurity law.
"Our take away from that executive action is that the agencies have their marching orders and by this time next year, we will have a much better understanding of the impact of these announcements," Braunberg said. He added that the Government Accounting Office has put out a report stating that "the existing system, even with this latest executive action, is disjointed and poorly coordinated."
The focus on cybersecurity is a ploy, suggests Andrew Storms, director of IT security operations at nCircle. "The continuous saber rattling and media attention around cybersecurity," Storms told TechNewsWorld, "is part of a propaganda campaign designed to get and protect budget dollars and bolster public support to expand the cybersecurity efforts the government has undoubtedly had underway for years."