Within 24 hours before the start of the Space Symposium’s cyber conference, the computer-hacking organization called Anonymous had penetrated an unknown number of computers in Israel.
Israel retaliated with a “hack back,” tracking Anonymous to its own website and placing the Israeli national anthem on the site.
At the same time, banks in the United States underwent a series of denial-of-service attacks — and experts say those attacks originated in Iran.
While everyone is aware of computer-hacking crimes, many might not know how sophisticated techniques have become or how common attacks have become.
Every 60 seconds, 250 computers are hacked. Every day. Companies lose $388 billion a year in stolen business secrets and intellectual property.
Recently, Lockheed Martin was hit through its supply chain companies.
Fortunately, the damage was minimal because the company had invested millions in cyber security.
While Anonymous seizes the headlines, they aren’t the real threat, according to experts who spoke during the 29th annual National Space Symposium’s opening session, titled “Cyber 1.3.”
The real threat, they say, are nation states.
“About 80 percent of cyber attacks can be thwarted just by good cyber hygiene, by placing software that will block malware and by educating people about clicking on email links,” said U.S. Rep. Patrick Meehan, a Republican from Pennsylvania who serves as chairman of the subcommittee on cyber security, infrastructure protection and security technology. “And the next 15 percent are more sophisticated, hackers like Anonymous. Their attacks are something that we all can collaborate on and fight together.”
But the last 5 percent — those are the attacks that do the most damage, he said. Those are nations like China stealing business secrets and intellectual property. They’re attacks by North Korea on South Korea’s defense systems. They’re attacks by Iran on Israel’s energy systems.
“These attacks are inside the wire,” Meehan said. “We need to work efficiently together to work against those attacks.”
There’s already a sense of increased awareness about cyber attacks on networks, says Ret. Gen. Trey Obering, senior vice president at Booz Allen Hamilton, a defense contractor with a significant presence in cyber security.
“More and more, we’re putting security requirements into the system engineering,” he said. “And that’s new. We’re being more dynamic, more watchful.”
That’s because it’s no longer a case of “if” a computer network is attacked, but “when,” he said.
Booz Allen Hamilton has responded to the threats by giving its clients a new system, called Cyber Foresight. Unrolled just this year, the program collects massive amounts of data from networks and the cloud that allow customers to know the types of attacks they’re facing — hackers, denial-of-service attacks, intellectual property thefts.
Then, the system analyzes the data and tailors a program that will react to anticipated events — ending the attack before anything can be stolen.
“We’re building in design capacity to deal with cyber attacks, a dynamic capability to operating in all complex domains, a way to know when someone is in your systems,” he said.
Cyber defense doesn’t come cheaply, he admits. He works with smaller companies — Booz Allen’s supply chains, for example — to do the upfront tasks that will block 80 percent of the attacks.
“But think about it,” he said. “If someone breaks into your network, they have control of your business — every financial transaction, every intellectual secret. It’s in their hands. And it could bring your business down. This is definitely one of those cases where an ounce of prevention is worth a pound of cure.”
And Obering gives both the government and private industry high marks for responding to the threat, simply by being more proactive and more dynamic.
But the threat remains.
The Department of Homeland Security has warned of a Sept. 11 kind of cyber attack, while the Department of Defense says it’s only a matter of time until the nation experiences a cyber attack equivalent of Pearl Harbor.
James Armstrong, chief information officer for the Missile Defense Agency, says neither the military nor private industry is taking the right steps to defend the networks. The groups are not practicing, he said.
“We don’t send troops to battle until they’ve experienced a live fire exercise, until they know what it’s like to be under fire,” he said. “And we shouldn’t send cyber experts out there until they know what an attack looks like, what a realistic threat might be. We need to get a lot better in this regard.”