Multi-disciplined partnerships are central to country’s cyber-security

Greg Oslan

Recently, attacks on our government and corporate infrastructure have been occurring with more regularity, compromising corporate, personal and classified information. No longer is the task of cyber-security relegated to IT offices and CIOs in the private sector, nor to a select number of government agencies. Instead, a call to action has been put forth to all entities -- especially the government -- to make cyber-security a top priority. It is now recognized as one of the most important national security challenges of our time.

The U.S. Government is taking notice, albeit after large-scale attacks in recent years. For example, in August 2007, the U.S. suffered a wave of cyber-attacks, inflicting damage to U.S. national and economic security. The Center for Strategic and International Studies (CSIS) reported that the Departments of Defense, State, Homeland Security and Commerce, as well as NASA and the National Defense University, all suffered major intrusions by unknown foreign entities.

More recently, Senate Sergeant-at-Arms Terrance Gainer remarked in March 2010 that government computers are attacked an average of 1.8 billion times a month, and the Senate Security Operations Center alone receives 13.9 million cyber-attacks a day. Add to this that senior representatives from the intelligence community have conclusive evidence that U.S. companies have lost billions in intellectual property, and one can safely conclude that ineffective cyber-security undermines our nation’s strength and puts the U.S. at risk. Undoubtedly, because the United States’ power, status and security in the world depend largely on its economic strength, not yet prioritizing cyber-security could put this position in jeopardy.

The U.S. must ask itself some difficult questions:

• Are we prepared to risk an economic disaster because individual hackers, organized crime or nation states have infiltrated our virtual infrastructure?
• Are we prepared to risk our national security if military secrets fall into the wrong hands, or are rendered unusable as a result of a coordinated cyber-attack?
• Is the U.S. ready to face the consequences of not having airtight cyber-security?

Clearly the issue of cyber-security must be viewed as a multi-dimensional problem. We are taking our first steps, as exemplified by the launch of the new U.S. Cyber Command under General Keith Alexander, to supplement those activities conducted by the Department of Homeland Security and the intelligence communities. As a nation, we must continue to take specific steps to address this mounting problem. Specifically:

• Leverage the technology expertise of government organizations, along with the private sector, and encourage open information-sharing between the two;
• Build international relations to help curtail cyber-threats;
• Have private citizens assist in cyber-security;
• Encourage and support robust private-sector investments in research and development of key technologies that support the war against malicious cyber-activity

Cyber concerns hit Washington: A coalition of public and private sectors

Last May, as he reviewed the nation’s cyber-security policies, President Obama called upon the government to collaborate closely with the private sector to protect the nation’s information infrastructure. And, at the March 2010 RSA security conference, cyber-security czar Howard Schmidt reiterated the president’s call to action, stating that the government should “continue to seek out innovative new partnerships -- not only within government, but also among industry, government and the American public.”

A lack of information-sharing between the public and private sectors has impeded partnerships necessary to properly address cyber-threats. Conversely, cyber-criminals, terrorists and even nation states freely share information to devise and execute cyber-attacks. We, however, need a multi-faceted focus to conquer the problem; and we are seeing a start.

The technology industry is starting to gel and focus its efforts on improving defenses in cyber-security. There is now a clear perspective that signature-based solutions, purpose-built appliances, manually searching large data stores and other methods alone are not adequate to protect our computer systems and our infrastructure. Consequently, we are seeing a heightened awareness that events must be correlated and end-to-end, and multi-faceted approaches must be implemented to protect and manage IP networks. To put it simply, “You can’t protect or manage what you can’t see.”

Even with this awareness, we have to question whether we, in the U.S., have sufficient knowledge resources to focus on cyber-security. Not only must we recognize the problem, we must align and train our current resources to find those solutions. And since we expect cyber-threats to increase in breadth and the sheer number of attempted attacks, we need a call to action in our grade schools, colleges and universities for more education, before these graduates enter the workforce.

I have seen the rudiments of “eco-systems” being formed to battle cyber-threats. We are participating with partners and systems integrators to provide a holistic and multi-layered approach to cyber-security. As the recognition of the need for complete solutions grows, I see additional acquisitions, partnerships and alliances being formed over time because our customers and clients are now understanding the threat and feel the need to address that threat on a holistic basis.