Gen. Hayden says it’s time to look at the consequences of cyber attacks
Gen. Michael Hayden (USAF-Ret.), having served as head of the NSA and then head of the CIA, ought to know a few things about the current state of cyber security in America. So, when Hayden says the U.S. may be spending too much time thinking about cyber vulnerabilities and not enough time thinking about the actual consequences of a successful cyber attack, it probably makes sense to pay attention.
Hayden told a symposium for cyber security professionals in Bethpage, Long Island on Feb. 21 that government officials and industry executives were expending too much of their energies trying to reduce our cyber vulnerabilities and strengthen our network perimeters.
“We may be at the point of diminishing returns by trying to buy down vulnerability,” the general observed. Instead, he added, maybe it’s time to place more emphasis on coping with the consequences of a successful attack, and trying to develop networks that can “self-heal” or “self-limit” the damages inflicted upon them.
“I cannot stop them at the perimeter,” Hayden acknowledged, “so, how do I deal with the fact that they are on the inside.”
These observations emerged at a symposium dedicated to describing the current cyber landscape, assessing the cyber legislation moving through Congress and urging cyber-related companies on Long Island to band together in an effort to protect their own networks, grab a piece of the federal government’s cyber procurement and R&D budgets and, perhaps, develop a new cyber monitoring center or test bed to serve Long Island.
Frank Otto, the president of the Long Island Forum for Technology, which co-hosted the symposium, told Government Security News that “there’s always strength in numbers,” and that he will be interested to see what the local IT security companies might want to create. His list of possibilities included a center that could seek federal or state cyber grants, monitor cyber attacks across Long Island, seek government contracts or hold training exercises.
Hayden, like the day’s other speakers, placed a strong emphasis on the need for government and industry to develop stronger-than-ever “public-private partnerships.” It seems that at any forum where cyber security threats are discussed, “public-private partnerships” have become the new buzzwords. In part, that’s because government officials seem to be overwhelmed by the relentless, broad-based attacks that are being launched continuously against civilian government (.gov), military (.mil) and commercial (.com) domains. Public-private partnerships have also come into vogue because government officials anticipate smaller and smaller budgets in the years ahead, with less and less of those budgets being available to help commercial enterprises defend their .com domains.
Paul Schneider, a former deputy secretary of the U.S. Department of Homeland Security, delivered pessimistic news to the business people who filled the room at the Morrelly Homeland Security Center. Schneider praised some of the cyber legislation being developed in the House and Senate, but suggested that very few of the dollars included in those bills would ever find their way down to small- and mid-sized businesses at the local level. “I don’t see these bills impacting you at all,” he told his audience. “Most of the money will go to strengthen the .gov networks.”
General Hayden called the cyber legislation percolating on Capitol Hill a “great step forward,” but admitted that, as a society, “we have not worked out the rules for what we want the government to do in cyber space, or what we will allow the government to do in cyber space.”
That being said, Hayden suggested that the U.S. Government inevitably will wind up doing less to defend America in cyberspace than the government traditionally has done to defend the country in physical space.
Rep. Steve Israel (D-NY), who represents the second congressional district on Long Island, supported the embryonic effort to draw together the cyber brains on Long Island, fondly recalling the days when Northrop Grumman and other local technology companies built major weapon systems for the Pentagon and helped put a man on the moon.
Rep. Israel said the “bi-partisan” cyber legislation moving through both chambers might not be perfect, but it would certainly improve the nation’s cyber preparedness. “Anytime you can get both parties to agree on anything, just pass it,” he advised.
He drew a parallel between the intelligence agencies of the federal government before 9/11, when they operated in too many separate “stovepipes” that often didn’t talk with each other, and the federal government’s current cyber landscape, in which too many government agencies have broad responsibilities spreading across the spectrum. “We’ve got to get out of that bubble,” said the congressman, “and reach out to all stakeholders.”