Magazine article National Defense

Wild, Wild West

Magazine article National Defense

Wild, Wild West

Article excerpt

In the fight against cybercrime, weapons have short shelf lives

If you purchased a brand new computer today with all the latest security software and plug it into the Internet, how long would it be before the first hacker probed it?

About four hours.

Even the latest innovations to protect networks are not enough to counter cybercrimes.

"Unfortunately, it's still a bit of a wild West," says Tun McKnight, vice president and information security officer for Northrop Grumman Information Systems.

"You're having to fight hackers with very little governance and law," he adds, Cybercriminals have the upper hand because the cost of planning and executing a cyberattack is cheap and it's difficult to identify the attackers.

U.S. networks are the targets of choice.

"We're the most vulnerable nation on the Earth because we're the most dependent," John "Mike" McConnell, former director of national intelligence and a senior vice president at Booz Allen Hamilton, says at a conference organized by the Security Innovation Network.

President Obama in a May speech pinned America's economic prosperity to the security of its digital infrastructure. "It's now clear this cyberthreat is one of the most serious economic and national security challenges we face as a nation. It's also clear that we're not as prepared as we should be," he warned.

On July 4, about 170,000 computers in 74 countries were linked, unbeknownst to their owners, in a botnet - a collection of malicious software robots that run autonomously. The botnet was commanded by unidentified assailants who attacked government websites in South Korea and the United States. Nearly all U.S. federal agencies, including the White House, were hit by the denial-of-service attack.

"I think we're really at a crisis point where we have no confidence in the security of our information," Amit Yoran, former director of the United States Computer Emergency Readiness Team, (US-CERT), and Department of Homeland Security's national cybersecurity division, tells National Defense.

Homeland security officials worry most about a "digital Pearl Harbor" attack on the nation's cyber-infrastructure. The July 4 attack could be a harbinger of things to come, they say.

"I believe we are being set up. We are being probed constandy," says Robert Rodriguez, chairman and founder of the Security Innovation Network. "The adversaries are innovating faster than we are because they don't have corporate governance and budget and privacy issues. They move at warp speed."

Many of the technologies that have been developed in the last decade to protect networks - firewalls, intrusion detection systems and anti-virus products - assume that networks have perimeters, points out Yoran, who is now chief executive officer of Net Witness Corp., a security software provider. But in the current digital world, mere are none

"You can't build a fort," he says. 'You can prevent really simplistic attacks by putting up these castie walls. But in today's environment ... it's literally impossible to define what your enterprise network looks like today, let alone build a casde around it that leaves your organization nimble and agile enough to accomplish its mission."

Another problem is that friends and foes all operate in the same Internet. Like the shipping lanes of the seas, it could take decades to establish borderlines in the digital world. "It's taken hundreds of years to define those treaties and those boundaries," says Rodriguez. "We haven't come close to defining the Internet routes and the policies." Until those are established, defending networks will remain an ad hoc process where even the best defensive measures tum into a sieve through which cybercriminals can slip.

"Our solutions are perishable. The shelf life of a solution is fairly short," says Per Beitii, director of global network operations at Boeing Co. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.