By Cheryl Pellerin
American Forces Press Service
WASHINGTON, Oct. 2, 2012 – As the cyber
threat intensifies over time from exploitation to disruption to destruction,
responsible U.S. agencies and industries can fight back using cooperation and
transparency, the commander of U.S. Cyber Command said here yesterday.
Army Gen. Keith B. Alexander, who also
serves as director of the National Security Agency, was part of a panel on
cybersecurity at the Woodrow Wilson Center for Scholars.
“For the last 10 years, what we’ve seen
on our networks has been essentially exploitation, [such as] theft of
intellectual property and crime,” the general said. “Over the last few weeks,
we’ve seen distributed denial-of-service attacks, so we’re seeing the threat
grow from exploitation to … disruption, and my concern is it’s going to go from
exploitation and disruption to destruction.”
He defined destruction as physical harm
to computer devices on a network that would cause the networks to fail, or the
loss of a significant amount of data that would impair the ability of a company
-- a stock exchange or a power grid -- to operate.
“I believe that’s coming our way,”
Alexander said. “We have to be out in front of this for a whole host of
reasons. The Defense Department’s reason is that we depend on critical
infrastructure to do our jobs. We depend on the power grid, [and] we depend on
the Internet to operate.”
For industry, the general gave examples
of companies that have experienced serious losses as a result of destructive
cyberattacks. In August, a viral attack on computers at Saudi Arabia’s
government-owned oil company, Aramco, lost data from up to 30,000 workstations.
According to news reports, a malicious virus replaced data on a third of the
computers of the world’s largest oil producer with an image of a burning U.S.
flag.
“Think about a company that loses all
that data from their systems,” Alexander said. “That doesn’t mean you just go
to backup systems -- it’s gone. And if that data had important information, you
can never recover it. From our perspective, that’s a significant problem.”
He also mentioned RSA, a U.S. computer
security company that in March 2011 experienced a cyberattack that news reports
said cost the company $66 million. That month, the company released an open
letter to employees and customers describing the attack, its likely
consequences and the company’s response.
Companies that do business exclusively
online are particularly vulnerable, Alexander said. One of these was DigiNotar,
a Dutch certificate authority owned by VASCO Data Security International that
went bankrupt within 30 days after a September 2011 security breach that
resulted in the fraudulent issuing of certificates.
DigiNotar worked with Google and other
online firms, Alexander added. Certificates allow people to communicate
securely online, and the breach was devastating to the company.
“I do think we have to get out in front
of [such cyber destruction],” the general said, “really for the operation of
our government and our country, and it will also have a significant economic
impact.”
The solution to cyber-related
intellectual property theft and destructive attacks, Alexander said, is
information sharing by responsible organizations and working together in a
transparent way.
“The cyber team that our government
needs,” the general said, includes the Homeland Security Department as the
entry point for working with industry, and the FBI, National Security Agency
and Cyber Command working together to help on the technical front.
The FBI would have the lead for law
enforcement and identifying attackers, NSA on foreign intelligence and Cyber
Command on defending the nation, Alexander said. “Together, that team is what I
think the American people hold us accountable for doing,” he added.
“What we’re asking industry to do is to
look for certain kinds of bad things going on, and if they see these things,
let the government know right away. It’s just like pulling a fire alarm,” he
said. “Call us and we’ll respond. Otherwise, we don’t need to know what traffic
is transiting [the network].”
Alexander said he thinks it’s the
correct thing to do to have a civilian agency in the lead for cybersecurity,
especially if the FBI, NSA and Cyber Command can do their jobs on the technical
side. Such a configuration “allows for the transparency that I think the
American people need in this area,” he added. “Cyber is so important to all of
us. They want to know we’re doing it right, and the way to do that is to be
transparent.”
Cybersecurity also was the subject of a
proclamation issued yesterday by President Barack Obama, who said in declaring
October as National Cybersecurity Awareness Month that the U.S. digital
infrastructure is a strategic national asset that everyone has a role in
protecting.
“By bringing together federal, state and
local governments and private industry partners, we have made great progress in
securing cyberspace for business, education, entertainment and civic life,”
Obama said.
“In November 2011,” he added, “we
released the Blueprint for a Secure Cyber Future, a strategic plan to protect
government, the private sector and the public against cyber threats today and
tomorrow.”
Posts
No comments:
Post a Comment