Breach, Compliance Management, Data Security, Privacy

Hayden says private sector will lead cyber defense charge


When Gen. Michael Hayden first heard President Obama publicly refer to the Sony breach as “cyber vandalism,” he thought the term was inadequate but quickly realized there was no real term to describe that type of activity in what he called “the largest ungoverned space in history,” the former director of the National Security Agency (NSA told an audience at Centrify Connect in New York Wednesday.

“I thought it was way beyond spray painting a subway car in the Bronx,” he said. “It was more than cyber vandalism but we haven't gotten the big concept squared as to what to call it. We're still at the level of conceptualization.”

The Sony attackers almost got to the point of physical destruction, he said, noting that some employees received messages with the equivalent of “I know where you live, I know what car you drive and I know where your daughter goes to school.”

But despite the severity of the attack and its implications, the U.S. response was diluted in part because government officials and the military, though it has added cyber to its land, sea, air and space objectives, haven't noodled out how and when to respond.

Although, Congress finally passed an information-sharing act (“It took three Congresses, not three years, but three terms,” Hayden stressed) and Secretary of Defense Ash Carter recently pledged support for companies that suffer similar attacks, “you're on your own,” the general told the audience. Barring a threat of “significant loss of life,” which makes up a tiny percentage of attacks, enterprises aren't likely to hear “the digital bugle and the hoof beats of the digital cavalry coming over the hill to save the day.”

Instead, private sector will step in, he said, noting that in the Civil War, Generals Grant and Lee would tell military leaders “your troops are in this corps” and that in battle they “must conform to the main body.” Hayden said.  When it came to cyber, he “operated under the presumption that the main body was government and the private sector should conform.”

He was wrong. “The private sector is the main body [in the cyber war] and government should conform to it,” he said. “They are going to win or lose the game for us.”

That's the principle reason that in the recent Apple-FBI battle, he's been a vocal supporter of Apple. “The resolution is apparent,” he said, calling it a “bad idea if Apple is forced to crack its technology for authorities. “Why do that when the private sector needs to protect you?”

While he understands where FBI James Comey is coming from in his pursuit of terrorists and criminals, Hayden said, “Comey's approach based on a very narrow field of view of security” and noted that  ultimately “Mark Zuckerberg's definition of privacy will have more affect than anything Congress will do has done

Hayden also reiterated that “all nation states are involved” in cyber spying, gathering intelligence with the U.S. being “the biggest,” although unlike in some other countries, “your espionage [is done] for security, Liberty not for profit.”

Russia, the general said, is the most sophisticated when it comes to skills while China is impressive in the breadth of attacks. “I stand back in awe of the scale,” he said.

Hayden also said he doesn't blame China for the Office of Personnel Management (OPM) attack, because OPM is a legitimate target for nation-states trying to gather intelligence. “OPM is not shame on China, it's shame on us,” he said. If China had all of information on 20 million sitting in one spot, “I would have busted through that baby in a heartbeat.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.