Cyber security in 2013: How vulnerable to attack is US now? (+video)
Businesses, government, and individuals seek better cyber security measures, as cyberattacks mount in the US. One key focus is how to protect 'critical' systems such as power, water, and transportation.
(Page 3 of 4)
"As ominous as the dark side of cyberspace may be, our collective reactions to it are just as ominous – and can easily become the darkest driving force of them all should we over-react," writes Ron Deibert, a University of Toronto cyber researcher, in a recent paper titled "The Growing Dark Side of Cyberspace (... and What To Do About It)."Skip to next paragraph
Subscribe Today to the Monitor
Still others doubt that America's cyberadversaries are as capable as they are made out to be. In Foreign Policy magazine in an article headlined "Panetta's Wrong About a Cyber 'Pearl Harbor,' " John Arquilla argues that the Defense secretary has employed the "wrong metaphor."
"There is no 'Battleship Row' in cyberspace," writes the professor of defense analysis at the Naval Postgraduate School in Monterey, Calif. "Pearl Harbor was a true 'single point of failure.' Nothing like this exists in cyberspace."
Scope of the damage
There's little question, though, that cyberthreats are already doing harm to the US economy – and may do even more.
"At a corporate level, attacks of this kind have the potential to create liabilities and losses large enough to bankrupt most companies," according to the US Cyber Consequences Unit, a think tank advising government and industry. "At a national level, attacks of this kind, directed at critical infrastructure industries, have the potential to cause hundreds of billions of dollars' worth of damage and to cause thousands of deaths."
Evidence of the damage includes the following:
• Cyberespionage that's intended to scoop up industrial secrets alone costs US companies as much as $400 billion annually, some researchers estimate. Much of that comes over the long term, as stolen proprietary data give firms in other nations, such as China, a leg up by slashing research-and-development costs.
• The volume of malicious software targeting US computers and networks has more than tripled since 2009, according to a 2011 report by the director of national intelligence. Reports in 2012 corroborate that upward trend.
• Ransomware netted cybercriminals $5 million last year, by some estimates. Smart-phone and other mobile cybervulnerabilities nearly doubled from 2010 to 2011, according to the cybersecurity firm Symantec.
• The Pentagon continues to report more than 3 million cyberattacks of various kinds each year on its 15,000 computer networks.
Defense contractors such as Lockheed Martin are key targets, too. At a November news conference, Chandra McMahon, Lockheed vice president and chief information security officer, revealed that 20 percent of all threats aimed at the company's networks were sophisticated, targeted attacks by a nation or a group trying to steal data or harm operations. "The number of campaigns has increased dramatically over the last several years," Ms. McMahon said.
Perhaps topping the list of concerns, though, is the accelerating pace of cyberattacks on the computerized industrial control systems that run the power grid, chemical plants, and other critical infrastructure.
"We know that [nation-state cyberspies] can break into even very security-conscious networks quite regularly if not quite easily," says Stewart Baker, a former DHS and National Security Agency (NSA) cyber expert now in legal practice at Steptoe & Johnson. "Once there, they can either steal information or cause damage."