Government and industry are going to have to work together to combat the cyber threat – and there’s no time to waste since the threat is growing daily.
Military leaders and industry representatives all said the same thing: the United States is late to cyber war, and has significant enemies willing to exploit that.
Michael Gallagher, of McAfee’s global threat division, said that cyber attacks had increased 500 percent last year, and more computer networks were attacked during 2009 than every year before combined.
While everyone recognizes the importance of the threat, the nation’s largest industry insiders are willing to work with the government. They want to be a full partner in the effort to secure the world’s cyber networks.
At least, most of them do.
“Half of them want to be left alone,” said Steven Hawkins of Raytheon. “But that half is delusional. We need government help. We need government to be the leader. Tell us what you need, and we’ll make it happen. We’ll get in the harness with government.”
At the same time, he said, the government needs to listen to the industry leaders and make changes to keep networks secure.
“There’s some real pride in the sector,” he said. “And there are ways to take charge of that.”
The first step in dealing with cyber security is to know why the adversary wants to attack, the easiest way to attack, said Jim Jaeger of General Dynamics.
“And you can’t forget that most of the components are made overseas,” he said. “We have to be able to test throughout the whole supply chain. The U.S. gave up our foundry for tech parts, so we have to know there’s a threat there as well.”
The big take-away: They will get in. There’s no way to protect every computer network in the nation, much less the world.
“You have to have technology in place to respond,” said Dale Meyerrose of Harris Corp. “Because there’s no way to protect everything. You have to track the attack, get rid of it as quickly as possible.”
Tracking the attack is not as easy as it sounds. Going across country boundaries and into private network presents major legal problems.
“We need a whole new lexicon,” said Barbara Fast, vice president of cyber and information solutions for Boeing. “For instance, does ‘attack’ have the same meaning? Does ‘breaking and entering’ have the same punishment if it’s done over networks?”
Cyber war will include civilians – both civilian casualties and civilian fighters – as the nation strives to find the ways to protect electric grids, computer networks, financial institutions and military secrets.
“The bottom line is we are at war in cyberspace … today … all the time,” said Gen. Stephen R. Lorenz, commander of the Air Education and Training Command.
Other countries have successfully used cyber warfare – Israel is one of the leaders, having begun its work in this realm in the 1990s. The U.S. was slow to recognize the threat, but is moving to catch up.
Cyberspace adds a dimension to war fighting, and cyber soldiers try not only to protect the nation’s information technology assets, but will attack the enemy’s assets as well.
“It will take a little while for us to get our feet on the ground,” Kehler said. “I think the growth potential across all the services here is large.”
That’s big news for Colorado Springs, home of the Air Force Space Command at Peterson. The cyber command falls under the Space Command’s mission.
Government aerospace contractors are branching out into cyberspace, raising hopes of more jobs for the city.
“To say it’s emerging is an understatement,” said Bob Bishop, a marketing director for Boeing Corp. “It’s going to be booming very soon.”
The opportunity for growth is equaled by the size of the threat.
Michael McConnell has worked in cyber security in both the civilian and public sectors, and said that Sept. 11 could have been worse.
“If the 9/11 terrorists had been cyber-smart, they could have brought down our entire banking system,” he said. “They could have destroyed that data and that could have had catastrophic global implications.”
McConnell is clear: when he talks about cyber war, he doesn’t mean the intelligence gathering other countries do via the Internet.
“I don’t mean hacking, I don’t mean spamming, I don’t mean identity theft,” he said. “I don’t mean China grabbing information to exploit. I mean there are groups out there who could not only copy the information – but destroy it. And once it’s gone, it could bring our $14 trillion economy down.”
The threat is real, and it occurs every day. Already, there are people who could attack large banking systems.
“I know half a dozen people in our government who can do it,” he said. “And I know another half dozen in the private sector who could.”
The very real threat led him to seize an opportunity as a national security adviser to President Bush to encourage a national cyber mission – Bush agreed and Congress approved the money for it. When Barack Obama became president, he gave the same presentation.
“The result, we’re not ready – but we’re getting there,” he said.
Private sector companies are already working to defend infrastructure from attacks from malware, spam and identity theft. McAfee is one of those companies – and it recognizes it can never end the threat completely.
“As long as the Internet is successful, we can’t get off-line,” said Michael Gallagher of McAfee’s global threat division. “And that makes us a target.”
Cyber attacks can cost millions, he said. But despite the size of the threat, there is no punishment.
“People operate with relative impunity,” he said. “There’s no retribution, no punishment. Corporations just want it fixed, but they don’t necessarily want to go after the people who did it.”
The Internet is still too new for people to view cyber crimes as serious crimes, he said.
“We’re like the wildebeasts, crossing the river. The alligators know we have to cross the river, but there’s no one hunting the alligators,” he said.
But as corporate interests and military start to work together – there will soon be thousands of people hunting down every alligator in the river.