Attacks on our critical infrastructures have occurred with more regularity, compromising corporate, personal and classified information.
No longer is cybersecurity relegated to IT offices in the private sector or government agencies. Instead, a call to action has been put forth to all entities to make cybersecurity a priority. It is now recognized as an important national security challenge.
Senate Sergeant-at-Arms Terrance Gainer remarked in March that government computers are attacked more than one billion times a month, and the Senate Security Operations Center alone receives almost 14 million reports of cyberattacks a day.
Add to this that the intelligence community has evidence that U.S. companies have lost billions in intellectual property, and one can conclude that ineffective cybersecurity undermines our nation's strength and puts the United States at risk.
Cybersecurity, thus, must be viewed as a multidimensional problem.
With the launch of the new U.S. Cyber Command, we are taking our first steps to supplement those activities conducted by the Department of Homeland Security and the intelligence communities. As a nation, we must take additional steps to address this problem. Specifically:
- Leverage the technology expertise of government organizations and the private sector, and encourage information-sharing between the two.
- Build international relations to help curtail cyberthreats.
- Empower private citizens to assist in cybersecurity.
- Support robust private-sector investments in development of cybersecurity technologies.
In May 2009, President Obama called upon the government to collaborate with the private sector to protect the nation's infrastructure. And, at the RSA security conference in March, cybersecurity czar Howard Schmidt reiterated the president's call to action, stating that the government should “continue to seek out innovative new partnerships – not only within government, but also among industry, government and the American public.”
But a lack of information sharing between the public and private sectors has impeded partnerships necessary to address cyberthreats. Conversely, cybercriminals, terrorists and nation states share information to execute cyberattacks.
We, however, need a multifaceted focus to conquer the problem – and we are seeing a start.
The technology industry is beginning to gel and focus its efforts on improving defenses in cybersecurity. There is now a clear perspective that current security methods alone are not adequate to protect our critical infrastructures. Consequently, we are seeing an awareness that events must be correlated and end-to-end, multifaceted approaches must be implemented to protect and manage IP networks.
Even with this awareness, we must question whether the U.S. has sufficient resources to focus on cybersecurity. Not only must we recognize the problem, we must train our current resources to find solutions.
And since we expect cyberthreats to increase in breadth and number, we need a call to action in our universities for more education before these graduates enter the workforce.
“Ecosystems” are now being formed to battle cyberthreats. They comprise partners and systems integrators to provide a holistic and multilayered approach to cybersecurity. As the recognition of the need for complete solutions grows, we see acquisitions, partnerships and alliances formed because our customers now understand the threat and want to address it holistically.
Like our nemeses, the cybercriminals, we must be able to share information with our cohorts – various groups in the public and private sectors focused on curtailing cyberthreats. This may require changes to laws to allow information sharing, and the way private industry and government work together.
Second, we must continue to encourage the best minds in government, industry and universities to tackle these problems.
I have seen progress in this area through some systems integrators developing and implementing cyber labs for the industry. At Narus, we fund a program in which we work closely with universities to develop methods and algorithms to understand network traffic.
International support is also paramount.
We must realize that cyberthreats can be a pandemic. Given the interconnectedness of the internet, the problem of cybersecurity is one that our government must engage in at an international level. To this point, former presidential adviser Richard Clarke argues in his new book that international agreements are crucial to prevent cyberwarfare. He also states that international cooperation is necessary in identifying the source of attacks that violate these agreements.
But engagement with foreign governments and private industry by our administration may not be enough.
Until the American public looks at the threats of cyber intrusions as passionately as they do health care and the economy, change may only be incremental.
We must recognize that the electric grid, water supply, air traffic systems, most financial transactions and our communications all rely on the internet. A sustained, well-coordinated attack on one or more of these assets would be unfortunate.
But we must not wait until then to act. Cybersecurity must no longer be regarded as an “insurance policy;” rather, it must become an issue that the world deals with seriously and urgently.
It is an issue that must be addressed with a combination of technology, an expert workforce, legislation, foreign policy, and public/private sector partnerships.