Google’s recent disclosure that it was the target of a highly sophisticated cyber attack has brought renewed attention to the growing problem of cyber security threats. Officials and security experts say that while past cyber attacks focused largely on national secrets and defense technologies, that focus is changing.
Speaking at a recent congressional hearing on future threats to U.S. national security, FBI Director Robert Mueller said cyber attacks are increasingly taking a wider aim. [Director Mueller’s Testimony to Senate Committee on Intelligence] "As the global economy integrates, many cyber threats now focus on economic or non-government targets as we have seen with the recent cyber attack on Google," he explained. "Targets in the private sector are at least as vulnerable and the damage can be just as great."
Main points in Director Mueller’s testimony
• Cyber threats stem from both state actors, including foreign governments that use their vast resources to develop cyber technologies with which to attack our networks, and non-state actors such as terrorist groups and hackers that act independently of foreign governments
• State actors continue to be a threat to both our national security as well as our economic security because they have the technical and financial resources to support advanced network exploitation and attack
• The greatest cyber threat is posed by countries that continue to openly conduct computer network attacks and exploitations on American systems
• Terrorists show a growing understanding of the critical role that information technology plays in the day-to-day operations of our economy and national security.
• Their recruitment efforts have expanded to include young people studying mathematics, computer science and engineering in an effort to move from the limited physical attacks to attacks against our technical systems
• Fortunately, the large majority of hackers do not have the resources or motivation to attack the US critical information infrastructures
• It is increasingly the case that counterterrorism, counterintelligence, cyber, and criminal investigations are interrelated
Online enterprises face enormous threats
Internet Security Alliance President Larry Clinton says online enterprises face enormous threats because in the world of cyber security all of the incentives favor the attackers. "Cyber attacks are currently comparatively cheap, they are comparatively easy to launch; the amount you can steal is enormous. The chances of getting caught are fairly small," says Clinton.
He adds that, with attackers enjoying a virtually limitless range of targets, and defense a generation behind the attacker, the annual economic losses from cyber threats are great.
"The situation is extremely serious. Last year, American business probably lost a trillion dollars in intellectual property theft, there were billions more that were lost due to down time, inefficiency, et cetera."
Countering threats and challenges
Randy Vickers, acting director of the U.S. Homeland Security Department's Computer Emergency Readiness Team, says one of the biggest challenges with cyber attacks is that there is never a single muzzle flash that tells you where the attack originated.
"With a cyber event, because there are multiple hot points, multiple places where it could be coming from,” Vickers stated. “You cannot say that IP [Internet protocol] address or that workstation or that host or that Web site or that technological capability is the first place it originated from."
Vickers says intent is a key fingerprint used to track down attackers. "We are trying to understand those types of fingerprints so we can tie back to attribution," he said. "But it is long and arduous, and it comes back to: what is the intent? Is it a hack-tivist, is it a nation state, is it a terrorist, is it just a person out to prove that they can do something like the old days used to be?"
President Barack Obama has made cyber security a top priority for his administration, and has listed the threat from cyber weapons along with other weapons of mass destruction - such as nuclear, chemical and biological weapons.
Last year, he appointed Howard Schmidt as the country’s cyber czar [see White House’s recently released National Cyber Security Initiative] to watch over the nation's networks, from systems that direct planes to those that help Americans pay their bills online.
President Obama says cyber security is one of the “most serious economic and national security challenges we face as a nation.”
ISA's Clinton says that such attention is helping, but he notes that the key to building more security is to give businesses more incentives to protect themselves from attacks.
"There is a public benefit that would come to everybody if we could substantially increase our cyber security, because even if I do everything to secure my system, if it interacts with your system and you are not secure, the attackers will get into your system, and through you, get to me," Clinton explained.
Clinton says one way to boost cyber security is by encouraging smaller companies to do more to protect themselves from attacks by using tax incentives, government contracts, and small business administration assistance.
Because, as he and other experts note, “We are only as strong as our weakest link.”