Is America Outgunned in Cyber?

Shaun Henry, the FBIs top cyber cop and executive assistant director responsible for cyber, told the Wall Street Journal (WSJ) that we're not winning and that the current approaches being used by the public and private sectors are: "Unsustainable. Computer criminals are simply too good and defensive measures too weak to stop them."

Shaun Henry, the FBI’s top cyber cop and executive assistant director responsible for cyber, told the Wall Street Journal (WSJ) that “we’re not winning” and that the current approaches being used by the public and private sectors are:  “… Unsustainable. Computer criminals are simply too good and defensive measures too weak to stop them.”

 The WSJ article entitled: U.S. Outgunned in Cyber War also reported that Henry said:

  “"I don't see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it's an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security…

We have found their [company] data in the middle of other investigations. They are shocked and, in many cases, they've been breached for many months, in some cases years, which means that an adversary had full visibility into everything occurring on that network, potentially….''

Meanwhile, other leading experts are sounding similar alarms. Richard Clark, former cybersecurity and cyberterrorism advisor to the White House, testified that “your government has failed you. Every major company in the United States has already been penetrated by China."

In an interview with the Smithsonian.com, Richard Clark goes further:

“I think we’re living in the world of non-response. Where you know that there’s a problem, but you don’t do anything about it. If that’s denial, then that’s denial….

My greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China....After a while you can’t compete.”

Finally, the National Security Agency (NSA) chief, General Keith Alexander told U.S. Senators that that the Chinese were behind the RSA attacks last year.

“The attack against RSA, in which the attacker conducted a spearphishing campaign that sent disguised emails containing malware that installed backdoors via a zero-day Adobe Flash exploit, indicates a high level of sophistication by China's hackers, according to Alexander. ‘The ability to do it against a company like RSA is such a high-order capability that, if they can do it against RSA, that makes other companies vulnerable,’ he said.

… The NSA director admitted that the government needed more real-time capabilities to work with private sector organizations to stop cyber attacks, and perhaps more authority to take action. He cited an attack in which an "adversary" was attempting to exfiltrate 3 gigabytes of data from a defense contractor in a foreign country, and DOD processes for communicating with that company were too manual.”

 Taken together these quotes tell a pretty scary security story. I don't (generally) like to spread cyber fear, but these latest headlines and interviews are even a level worse than what I've seen in the past. Clearly, we need to adapt to the new global cyber attack environment.

Any response?

 

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.
Special Projects
Sponsored Articles
  • Sponsored
    How state and local government transportation and transit agencies can enable digital transformation in six key areas to improve traveler experience.
  • Sponsored
    The latest 2020 State CIO Survey by NASCIO reveals that CIOs are doubling down on digital government services, cloud, budget control and fiscal management, and data management and analytics among their top priorities.
  • Sponsored
    Plagiarism can cause challenges in all sectors of society, including government organizations. To combat plagiarism in government documents such as grants, reports, reviews and legal documents, government organizations will find iThenticate to be an effective yet easy-to-use tool in their arsenal.
  • Sponsored
    The US commercial sector, which includes public street illumination, used 141 billion kilowatt-hours of electricity for lighting in 2019. At the national average cost of 11.07 cents per kilowatt-hour, this usage equates to a national street energy cost of $15.6 billion a year.