As digital threats against the United States from criminals, terrorists, and state actors continue to loom large, our ability to fight back is not measuring up. This grim assessment was delivered by Admiral Michael Rogers, who heads both the U.S. military’s Cyber Command and the National Security Agency (NSA), before the U.S. Senate Armed Services Committee late last month.
Identifying the online assailants who attack American military, government and corporate systems has always been difficult, because any experienced hacker takes great pains to cover their tracks. But increasingly, they might be getting more sophisticated support. The Washington Post reported that Admiral Rogers told the committee he has seen “strong, direct linkage” between cybercriminals operating out of countries like China, Russia and Iran, and even the national governments themselves. The lines between mercenaries and state actors are easy to blur online.
In the face of this and other concerns, Admiral Rogers believes our current strategy, focused on defending against attacks, is no longer effective – we need to step up our efforts to hit back. “We need to think about,” he told the senators, “How do we increase our capacity on the offensive side to get to that point of deterrence?”
The basis for the Admiral’s wake-up call would seem to be self-evident in the wake of devastating and highly-visible cyber-attacks by hostile entities against the United States. The high-profile assault on Sony Pictures Entertainment last November – after which the company had to spend $15 million just to repair the damage – was linked to a foreign government, North Korea. In this rogue nation, access to the Internet is severely limited and tightly controlled by the state, making direct government involvement in the Sony hack a virtual certainty.
Non-state actors have also demonstrated their capabilities to cause mayhem online. The terrorist group Islamic State of Iraq and Syria (ISIS) – or someone supporting them – notably hacked the Twitter account of the military’s Central Command earlier this year. They posted messages praising the terror group and threatening American military personnel. While it appears that no serious breach of classified information occurred, as a propaganda ploy the attack was still effective. It embarrassed the world’s most powerful military on its own online turf.
Just days before Admiral Rogers called for changes in our cybersecurity strategy, cyber innovators from around the world gathered in Silicon Valley to take steps to address that very issue.
The 2015 IT Security Entrepreneurs Forum (ITSEF), organized by the Security Innovation Network (SINET), provided a glimpse of the kind of cooperation that will help the United States meet future threats to our corporate, government and military online presence. Attendees and speakers included executives from companies large and small, administration officials, veterans of the military and intelligence services, investors, consultants and many others – adding up to a “who’s who” of cybersecurity.
They came together to bring each other up to date on the latest technologies and strategies for protecting commercial and government interests from online incursions by malicious state actors, criminals out for fast cash and every digital foe in between. Such an open exchange was made possible by the unique public-private framework in which SINET operates. Robert Rodriguez, a former U.S. Secret Service agent, started SINET to foster trust and cooperation between government and industry in the United States and around the world to defend against and counter cyber-attacks.
At this year’s ITSEF, which SINET calls its “flagship event,” international participation was high – a clear sign of the growing realization that cooperation across borders is essential to shepherding the best cybersecurity products and technologies to market.
Participants came away with a strong sense of purpose to innovate and create technology to help shift the cyber security protection paradigm to make it harder for malicious actors to succeed. Technologists, investors, academia, government, and corporations are working and investing together to bring to the market more powerful and effective tools and processes to defend from cyber criminals and state actors.