A proposed "cyber squadron" based out of New York and a cyber center of excellence in California represent the type of coordinated solutions between the private and defense sectors that officials are pushing to defend the U.S. and its interests against the growing threat of cyber attacks.
Rear Adm. Kenneth Slaght (Ret.), president and co-chairman of the Cyber Center of Excellence in San Diego, told SCMagazine.com that the U.S. needs to address cyber security with a shared urgency similar to the country's approach to the Manhattan Project, which generated the first nuclear weapons.
“There's a lot of great work that individual companies and researchers are doing, but there is no national view,” he said. “All of those examples are being put into a big black hole.”
Private-military partnerships have gained supporters, and are especially sought-after among state and local officials tasked with protecting the economy and infrastructure.
On Tuesday, a group of lawmakers from New York requested the creation of an Air National Guard Cyber Operations Squadron in the state. The legislators, Sen. Kirsten Gillibrand (D), Rep. Richard Hanna (R), and Rep. Steve Israel (D) sent a joint letter to highlight New York State's role as a financial hub and a prime terror target.
The addition of a cyber squadron in the state “would enable New York's Guard to continue pushing the boundaries of advanced technology," they wrote, according to a copy of the letter obtained by SCMagazine.com via email. The letter to Lt. General Stanley E. Clarke III, Director of the Air National Guard, and Admiral Michael S. Rogers, U.S. Navy, Commander of the U.S. Cyber Command, suggested the Air Force Research Lab in Rome, N.Y., as a potential location.
"As our state and our country continue to face rapidly evolving cyber threats, New York's Air National Guard is especially well positioned to fulfill the mission of combating these new threats and keeping our country safe," Gillibrand said in a statement.
The Cyber Center of Excellence in San Diego is one of several public-private cybersecurity partnerships between NIST and regional Economic Development Corporations. Other Cyber Centers of Excellence are located in Maryland, Silicon Valley, Texas, and Louisiana.
But initiatives like San Diego's Cyber Center of Excellence would not be possible without a sizable military presence. The U.S. Navy's Space and Naval Warfare Systems Command (SPAWAR) is headquartered in the city and, according to Slaght, accounts for approximately 70 percent of the 6,500 cyber jobs in the region.
Slaght said cyber center has paired local utility and infrastructure entities with top cybersecurity talent through roundtable forums to help address vulnerabilities in the energy, transit, and water utilities. Cyber expertise is in great demand among regional and municipal utilities and a report published last month found that the energy/utility was one of the industries that demonstrated the worst cybersecurity preparedness. Energy/utility is also a sector that, if attacked, could experience the most grievous damages.
For example, South Korea's intelligence service last week said the North Korean government may have coordinated a hack of the Seoul Metro in 2014. The intelligence service said 58 malicious codes were implanted into the computers using the Advanced Placement Threat (APT). And, the same week, London-based think-tank Chatham House released a report highlighting nuclear power plant cyber attack vulnerabilities.
Howard Teicher, vice president of public sector at Radware Ltd., told SCMagazine.com that many private sector companies “throw up their hands in the face of hypothetical threats.” He said the private sector needs to be incentivized to be proactive in addressing threats.
Dyadic co-founder Dr. Yehuda Lindell echoed this sentiment. After researchers published a report demonstrating that it is possible for hackers to replicate a SHA-1 certificate for as little as $75,000 to $120,000, Lindell told SCMagazine.com the private sector is “waiting for actual damage to be inflicted before transitioning out of it.”
Teicher at Radware said, “The private sector is reactive, not proactive."