Magazine article National Defense

Wild, Wild West: In the Fight against Cybercrime, Weapons Have Short Shelf Lives

Magazine article National Defense

Wild, Wild West: In the Fight against Cybercrime, Weapons Have Short Shelf Lives

Article excerpt

If you purchased a brand new computer today with all the latest security software and plug it into the Internet, how long would it be before the first hacker probed it?

About four hours.

Even the latest innovations to protect networks are not enough to counter cybercrimes.

"Unfortunately, it's still a bit of a wild West," says Tim McKnight, vice president and information security officer for Northrop Grumman Information Systems.

"You're having to fight hackers with very little governance and law," he adds. Cybercriminals have the upper hand because the cost of planning and executing a cyberattack is cheap and it's difficult to identify the attackers.

U.S. networks are the targets of choice.

"We're the most vulnerable nation on the Earth because we're the most dependent," John "Mike" McConnell, former director of national intelligence and a senior vice president at Booz Allen Hamilton, says at a conference organized by the Security Innovation Network.

President Obama in a May speech pinned America's economic prosperity to the security of its digital infrastructure. "It's now clear this cyberthreat is one of the most serious economic and national security challenges we face as a nation. It's also dear that we're not as prepared as we should be," he warned.

On July 4, about 170,000 computers in 74 countries were linked, unbeknownst to their owners, in a botnet--a collection of malicious software robots that run autonomously. The botnet was commanded by unidentified assailants who attacked government websites in South Korea and the United States. Nearly all U.S. federal agencies, including the White House, were hit by the denial-of-service attack.

"I think we're really at a crisis point where we have no confidence in the security of our information," Amit Yoran, former director of the United States Computer Emergency Readiness Team, (US-CERT), and Department of Homeland Security's national cybersecurity division, tells National Defense.

Homeland security officials worry most about a "digital Pearl Harbor" attack on the nation's cyber-infrastructure. The July 4 attack could be a harbinger of things to come, they say.

"I believe we are being set up. We are being probed constantly," says Robert Rodriguez, chairman and founder of the Security Innovation Network. "The adversaries are innovating faster than we are because they don't have corporate governance and budget and privacy issues. They move at warp speed."

Many of the technologies that have been developed in the last decade to protect networks--firewalls, intrusion detection systems and anti-virus products--assume that networks have perimeters, points out Yoran, who is now chief executive officer of NetWitness Corp., a security software provider. But in the current digital world, there are none.

"You can't build a fort," he says. 'You can prevent really simplistic attacks by putting up these castle walls. But in today's environment ... it's literally impossible to define what your enterprise network looks like today, let alone build a castle around it that leaves your organization nimble and agile enough to accomplish its mission."

Another problem is that friends and foes all operate in the same Internet. Like the shipping lanes of the seas, it could take decades to establish borderlines in the digital world. "It's taken hundreds of years to define those treaties and those boundaries," says Rodriguez. "We haven't come close to defining the Internet routes and the policies." Until those are established, defending networks will remain an ad hoc process where even the best defensive measures turn into a sieve through which cybercriminals can slip.

"Our solutions are perishable. The shelf life of a solution is fairly short," says Per Beith, director of global network operations at Boeing Co., which is attacked by some 500,000 viruses a month. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.