“Our country will, at some point, face a major cyber event that will have a serious effect on our lives, our economy and the everyday functioning of our society.”
That sobering assessment came last week from outgoing Homeland Security Secretary Janet Napolitano.
“While we have built systems, protections and a framework to identify attacks and intrusions, share information with the private sector and across government, and develop plans and capabilities to mitigate the damage, more must be done, and quickly,” Napolitano said in a speech to the National Press Club.
It’s a message that government, employers and average citizens alike should take to heart. A recent study by the Center for Strategic and International Studies and the computer-security firm McAffee estimates that cybercrime and cyberespionage cost the U.S. economy more than $100 billion and 508,000 jobs each year.
It was more than a bit ironic that that Napolitano made her comments just as a hacker group called the Syrian Electronic Army gained control of The New York Times, Twitter and Huffington Post UK. The same group, a hacker collective that supports Syrian President Bashar al-Assad, claimed responsibility several weeks earlier for breaching the network of The Washington Post with a sophisticated phishing attack that resulted in one staff writer’s personal Twitter account being used to send out a Syrian Electronic Army message.
The computer networks that run the nation's electricity grid, financial system and national defense are under attack. So are the systems that run your company.
The collection of computer systems, telecommunication networks and mobile devices that, grouped together, make up the cyber realm are an increasingly popular target for nation states, criminal syndicates and even lone hackers sitting in coffee shops thousands of miles away. These hackers are pulling out personal identities, engineering specifications, social security numbers, money from banks and intellectual property - the blueprints for jobs in the next generation.
“Intuitively, I think each one of us understands that there's been a substantial expansion of the cyber domain from the desktop computer and traditional computer network to now, every air traffic control tower, warehouse, smart phone and even the automobiles we drive," said Lynn Dugle, President of Raytheon Company’s Intelligence, Information and Services business, who will discuss the global cyber threat at the AIM Executive Forum on September 20.
"This has meant more opportunity and productivity for our society but it has also meant more threats to the data, operations, machines and devices we have come to rely upon. As a result, every company, organization, and agency who presumes to have intellectual property, confidential information or essential operations on a network has an obligation to understand how that network is being used and how that network is being accessed."
The breadth of the cyber threat was underscored in February when the private security firm Mandiant issued a report detailing the ongoing campaign by the Chinese government to hack into American government and corporation Web sites. Mandiant asserted that its three-year investigation showed that a unit of the Chinese military, PLA Unit 61398, had breached 115 U.S. companies across 20 industries in sustained attacks of a year or more that in one case stole 6.5 terabytes of information from a single company.
The Depository Trust & Clearing Corp., which processes U.S. stock trades, has identified cybercrime as the most significant threat to markets and governments around the world. A study by two financial industry organizations found recently that 53 percent of securities exchanges surveyed had been hit by a cyber-attack in the last year. About 89 percent of exchange executives said it represents a systemic risk.
Small wonder that 78 percent of 400 investors surveyed said they would be “somewhat or very unlikely” to invest in a company with a history of being targeted in cyber attacks.
“In a modern digitalized world it is possible to paralyze a country without attacking its defense forces: The country can be ruined by simply bringing its Scada systems to a halt. To impoverish a country one can erase its banking records. The most sophisticated military technology can be rendered irrelevant. In cyberspace, no country is an island,” Toomas Hendrik Ilves, President of Estonia, wrote recently.
The threat is not limited to computers. The New York Times reported in 2011 that American and Israeli intelligence were apparently behind a computer worm called Stuxnet that severely damaged Iran’s nuclear centrifuges in 2010, setting back that nation’s controversial nuclear weapons program by several years. The Times asserted that Stuxnet, the most sophisticated cyberweapon ever developed, caused the centrifuges to spin out of control while playing back recordings of normal operations so technicians were unaware of what was happening.
And next time you’re driving down the Mass Turnpike, remember that your automobile is not simply a mass of glass and steel but a hackable network of computer-controlled electronics. Forbes magazine reported last month on the work of a Pentagon-funded project in which hackers have been able to gain control of the braking and other systems of cars that now routinely include Wi-Fi networks such as Onstar and SYNC.
The message to employers – you’re going to need a bigger lock.