While cybersecurity continues to pose serious threats to government, defense and the private sector, experts are cautioning against cyber frenzy.
Threats are often overplayed, said Dmitri Alperovitch, President of Asymmetric Cyber Operations, especially in the intelligence and defense communities. Speaking before an audience at the C4ISR conference in Crystal City, Va., Alperovitch noted that many of the “hacktivist” activities of groups such as Anonymous are little more than a nuisance and embarrassment to the companies impacted.
“Do we ever see a case where China would launch an attack against our civilian infrastructure?” He asked. “Outside of an all-out war, I cannot imagine that they would launch an attack.”
Panelists participating in a discussion on cyber security and critical infrastructure emphasized the importance of involving private industry in information sharing, such as the Defense Department’s Industrial Base pilot program, launched with twenty companies and recently expanded to include even more. DoD is increasing the transfer of information about cyber intrusions between companies and the defense community, a process that has in the past been difficult due to classification rules in government.
“I get classified information that’s important that I would like to share with my industry and I can’t,” said Mark Weatherford, vice president and chief security officer for the North American Electric Reliability Corporation. “It’s critically important that we figure out how we can take classified information within the government, and sanitize it to the extent that it can be distributed in the private sector.” Weatherford noted that he had frequently seen information in the public domain – that’s already widely known – be classified within the government.
Despite lamenting the “hype” and fear mongering that makes its way into the cybersecurity debate, panelists were very serious when it came to the reality of cyber threats across government and the private sector. The finger was pointed directly at China, with few words spared when it came to the seriousness of China’s cyber espionage efforts.
“They’re stealing everything we’ve got by the truckload,” said Alperovitch. The problem is even worse in the commercial space, he said, where business secrets, negotiation strategies and everything needed to outbid competitors and win market share is being stolen. “That’s not just an economic problem, but a national security problem,” Alperovitch said.
The cyber debate is much less about the threat to America’s defenses and critical infrastructure and much more about the risks to intellectual property and global competitiveness. Panelists largely agreed that government involvement in cybersecurity was a necessity, but cautioned against regulation.
“The response it encourages is compliance, not security,” said Alperovitch. “You do the minimum that’s required to comply with regulatory agencies and in the end you’re no more secure than when you started.”
And as the Intelligence, Surveillance and Reconnaissance (ISR) community braces for budget cuts, the importance that jobs and personnel will play was not forgotten. Rep. C.A. Dutch Ruppersberger, ranking member of the U.S. House Permanent Select Committee on Intelligence emphasized the importance of “great minds” and attracting smart talent to U.S. programs. STEM education and strong investment in research and technology will be key in keeping a strategic edge, he said.
“We were being attacked for a period of time and didn’t realize how serious the threat was,” said Ruppersberger. Now the U.S. government and defense community are aware of the threats, and are meeting them with skilled personnel, and the right programs, he said
Moving forward, cybersecurity professionals will need to continue to be needed to match threats with solutions; expanding outside of a focus in the defense industry and into the increasingly serious threats facing the private sector.
Lindy Kyzer is the editor of ClearanceJobs.com. She loves cybersecurity, social media, and the U.S. military. She can be found attending cool ISR events like this across the Washington, D.C. area. Have a conference, tip, or story idea to share? Email editor@clearancejobs.com.