NSA Director Delivers Cyberattack Wake-Up Call
by Tom Loftus, WSJ
The cyber threats arrayed against your operations are growing stronger and more sophisticated each day. On Thursday the director of the NSA delivered a wake-up call for everyone else. “It’s only a matter of the ‘when,’ not the ‘if,’ that we are going to see something dramatic,” said Adm. Michael Rogers. He added that he expects a major cyberattack against the U.S. in the next decade. The WSJ’s Siobhan Gorman reports that Adm. Rogers’ testimony was the most specific public warning from the government to date about the likelihood of a major attack. The threats include efforts by nation-states, including China and “one or two others,” aimed at infiltrating the networks of industrial-control systems, as well as increased coordination between cybercriminal groups and foreign governments.
That’s worrisome news given that critical infrastructure systems face poor monitoring capabilities, among other challenges. “These are the kinds of things we worry about in our ability to understand how many incidents are occurring – if you don’t have the basics of logging, it’s hard to detect,” Michael Assante, industrial control systems lead for SANS Institute, told CIO Journal in October.
For businesses, Adm. Rogers’ remarks serve as a reminder that security can’t rest on technology alone. Better coordination between the government and businesses on sharing threat information is needed, but efforts so far have been sporadic. As former NSA chief Mike McConnell told CIO Journal in a June interview, “It is not a technology issue. We are the best in the world at technology. It becomes a behavioral issue and a talent issue… We need the force of law to decrease our level of vulnerability… If corporations could be provided liability protection from frivolous law suits in exchange for meeting an agreed-upon cyber security standard of due care, and protected when sharing cyber threat information, it would incentivize different behavior.”