Cyber security in 2013: How vulnerable to attack is US now? (+video)
Businesses, government, and individuals seek better cyber security measures, as cyberattacks mount in the US. One key focus is how to protect 'critical' systems such as power, water, and transportation.
(Page 4 of 4)
In 2009, US companies that own critical equipment reported nine such incidents to the Industrial Control Systems Cyber Emergency Response Team, an arm of the DHS. In 2011, they reported 198.Skip to next paragraph
Subscribe Today to the Monitor
"The threats to systems supporting critical infrastructures are evolving and growing," the Government Accountability Office concluded in a July report on the US power grid's exposure to cyberattacks.
The potential impact of such attacks, the report continues, "has been illustrated by a number of recently reported incidents and can include fraudulent activities, damage to electricity control systems, power outages, and failures in safety equipment."
Some experts say the rise in such incidents may be exaggerated. "What's happening is that our ability to identify attacks is improving, not necessarily that numbers or strength [of the attacks] is getting worse," says Robert Huber, a principal at Critical Intelligence, a cybersecurity firm in Idaho Falls, Idaho, that specializes in protecting critical infrastructure.
A seminal speech on cyberthreats by Mr. Obama in May 2009 marked the onset of heightened public awareness of the problem. Cybersecurity would for the first time become an administration priority, he said, with a White House cyber czar and a "new comprehensive approach to securing America's digital infrastructure."
"Cyberspace is real, and so are the risks that come with it," Obama said. "It's the great irony of our Information Age – the very technologies that empower us to create and to build also empower those who would disrupt and destroy."
In particular, cybersecurity experts inside major corporations are becoming increasingly concerned. Corporate chief information security officers reported a 50 percent jump in the "measure of perceived risk" since March 2011, according to a cybersecurity index cocreated by Daniel Geer, chief information security officer of In-Q-Tel, the venture capital arm of the Central Intelligence Agency. In November, the index continued its upward march, rising 1.8 percent over the previous month.
Awareness is building among the public, too. Two-thirds of respondents to a national survey by the University of Oklahoma in February 2012 rated the threat of cyberwar at 6.5 on a scale where zero is "no threat" and 10 is "extreme threat." But only 1 in 3 rated themselves as having above-average knowledge about the cyberwar threat.
"These response patterns suggest a public that is aware of the emerging issue of cyber war, does not feel well informed about it, but perceives it to pose a substantial threat," the researchers reported.
Wariness and circumspection about cyberthreats are good first steps, cyber experts say, because they are the precursor to action. They say laws that require owners of critical infrastructure to meet cybersecurity performance standards are the next logical step.
"It's clear we have enemies who'd love to [attack US critical infrastructure], especially if they could escape blame for doing so," says Mr. Baker, the former NSA cyber expert. "It may not happen soon. But we would be crazy to assume it will never happen."