New Report Highlights Economic Threat of Weak U.S. Cyber Security
An Intelligence and National Security Alliance report on cyber attacks outlines vulnerabilities in computer networks across private industry, and calls for a systematic response to prevent the harm these weaknesses could inflict on the U.S. economy.
September 13, 2011
A new report on cyber intelligence and cyber attacks outlines overlapping vulnerabilities in computer networks across private industry and the U.S. government, and calls for a systematic response that would prevent the harm these weaknesses could inflict on national security and the economy.
According to the white paper released on Monday by the Intelligence and National Security Alliance
(INSA)—a non-partisan organization that represents elite leaders in the U.S. intelligence community—coordinated efforts across the private sector, academia, and the government would "mitigate risks associated with the threat, enhance our ability to assess the effects of cyber intrusion, and streamline cyber security into a more efficient and cost-effective process based on well-informed decisions."
The paper, "Cyber Intelligence: Setting the Landscape for an Emerging Discipline," [PDF]
was slated to be released later this month, but after the Associated Press reported on a preview of the paper, INSA decided to publish the report on its website earlier than planned.
The report tallies the potential cost of damages to cyber infrastructure and the pressing need for the government to share its insights into the "threat space" with the "very industries that own and operate over 90 percent of the telecommunications' infrastructure and operations."
Such attacks can be debilitating for citizens and businesses alike:
Civilian 'casualties' and collateral damage are very likely. For example, attacks on critical infrastructure, like electricity, can have second- and third-order effects on hospitals, emergency services, and other unintended victims. Cyber threats can breach touch-points between government unclassified and classified systems.
Over and over again, the report stresses the interconnectivity between government and private systems. Because the multi-dimensional cyber environment is made up of "spatial, physical, logical, and social layers," potential perpetrators have a wide latitude for attack, the report states. Consider, for example, wireless devices, whose user base includes the military, law enforcement, shoppers, drivers, and many other people "using GPS-enabled devices."
"In the absence of a completely new Internet architecture, the public and private sectors are intrinsically linked, interdependent, and must collectively devise and adopt solutions to be effective," the report says.
The Associated Press
The report comes amid growing worries the U.S. is not prepared for a major cyber attack, even as hackers, criminals and nation states continue to probe and infiltrate government and critical business networks millions of times a day. . .Many of the report's observations echo sentiments expressed by Pentagon and Department of Homeland Security officials who have been struggling to improve information sharing between the government and key businesses. But efforts to craft needed cyber security legislation have stalled on Capitol Hill.
Last week, Northrop Grumman's CEO, Wes Bush, called for more regulations
focused on cyber security, prompting some surprise that a business executive would make such a pro-regulation recommendation.
"What [Bush] was pointing out is that cyber attacks are becoming much more frequent," said Randy Belote, a spokesperson for Northrop Grumman. "What Mr. Bush was suggesting is we need to think about cyber security in the same way we think about national defense."
Belote said while he would expect regulations to have some level of effect on industry, "I wouldn't consider the impacts necessarily negative." He said that input from the private sector, academia, and the government could generate regulations that would still allow for industry and innovation to "flourish."
The Obama Administration submitted a legislative proposal, to mixed reviews, on cyber security to Congress in May. The proposal proffered stricter penalties for cyber crimes and clarified the Department of Homeland Security's powers with regard to cyber security; but it was also criticized by opponents for giving "the government unprecedented access to private data," as Grant Gross wrote in Computerworld
In July, a Republican Congressional task force was convened to develop a Republican point of view regarding cyber security legislation, according to Kevin Gronberg, senior counsel for the House Committee on Homeland Security, who was part of a cyber security panel during the Technology Policy Institute Aspen Forum
"It's a long road," said Gronberg, referring to the quest to arrive at a comprehensive legislative package on cyber security. "I think there is some momentum that is building in the House finally. And I think we'll be able to get something in the next year or so."