Cyber attackers have the edge, experts admit
Top American cybersecurity officials said on Thursday they need to work closer with private industry and other governments to fight the changing threat from ever-craftier cyber attackers, who have a new array of targets from power grids to bank accounts made vulnerable by the Internet.
Such cyber attackers have an edge right now, experts told the Air Force Association's Cyberfutures Conference.
According to the Office of Management and Budget, cyber attacks on agencies jumped 39 percent to 41,776 in 2010, up from 30,000 in 2009. The OMB also notes that the federal government spent about $12 billion on IT security, or about 15 percent of the roughly $80 billion total IT budget.
Gone are the days of high-profile viruses with catchy names. Now cybercriminals use less destructive, but more targeted attacks to steal money, information, or intellectual property, said Greg Schaffer, who leads cybersecurity and communications efforts for the Department of Homeland Security.
"This focus should be of tremendous concern, because it can have economic impact for years," Schaffer said. Telephone systems, water supplies and factories can all now be attacked, he said.
"There are a whole range of devices that weren't part of [the] conversation before, but they are certainly part of [the] conversation now," Schaffer said.
Citing a new Homeland Security report, Schaffer said government officials need to work with their counterparts in private industry to prevent attacks rather than waiting for them and then reacting.
In the report the Department of Homeland Security outlined plans that include a three-pronged approach to cyber security: automation, interoperability, and authentication.
"If these building blocks were incorporated into cyber devices and processes, cyber stakeholders would have significantly stronger means to identify and respond to threats--creating and exchanging trusted information and coordinating courses of action in near real time," wrote Philip Reitinger, DHS deputy undersecretary of the National Protection and Programs Directorate, in a blog post.
The DHS report envisions a dynamic "ecosystem" of devices and systems that interact to protect themselves. "We have got to get to a point where the systems are designed to cure themselves," Schaffer said.
The cybersecurity community is still debating whether a more centralized government role is needed, or whether threats can best be countered through public-private partnerships.
Other top officials echoed Schaffer's call for greater cooperation. Gordon Snow, assistant director of the Federal Bureau of Investigation's Cyber Division, said there is plenty of information sharing, but not enough operational collaboration.
Gordon said the protocols established under traditional international treaties are cumbersome, but "embedding" American officials with foreign cybersecurity units can help overcome delays.
Collaboration also can help agencies and companies that defend networks, said Maj. Gen. Ronnie Hawkins Jr., vice director of the Defense Information Systems Agency.
"There is an evolving focus on partnership," he said. Hawkins said his agency engaged in a lot of information sharing, but not much collaboration with other agencies or private partners.