Top 10 Cyber Security Threats of 2011 and Beyond
The next decade portends new threats that surpass those of years past in both intensity and impact.
A lot of business and IT folks go home at night wondering why the U.S. government isn't more aggressive about cyber criminals specifically and cyber warfare in general. After all, it is U.S. businesses that are the digital frontlines of these attacks and right now losses are mounting.
But while the U.S. government certainly has a lot of digital capability at its disposal, Sam Visner, vice president of cyber security for the IT services firm CSC, notes that it's important to allow the rule of law to prevail in these matters. The trouble right now, however, is that many of these attacks are emanating from places where law enforcement is either lax or non-existent. There is a lot of work being done to create the international mechanisms, such as the International Cybercrime Reporting and Cooperation bill put forward by Sen. Kirsten Gillibrand (D-N.Y.) and Sen. Orin Hatch (R-Utah) to create some mechanism for going after the organizations that commit these attacks. But for now, Visner says the better part of valor is to be patient.
Part of the problem is that these attacks take place in cyberspace where there are no borders. In addition, it's not clear to what degree, if any, the activities of these groups are sanctioned by any government. In the case of China, the attacks are ascribed to misguided "patriots," while cyber crime emanating from former countries of the Soviet Union is attributed to organized crime syndicates that may or may not have any government affiliation.
Until the U.S. intelligence community firmly establishes who did what and when it occurred, Visner says it's hard to address these issues at a governmental level without some specific framework in place. The U.S. can shut off access to the U.S. Internet to some foreign-based Internet service providers, but would be reluctant to create an international incident without first working through the proper diplomatic channels. That doesn't mean that the U.S. doesn't intend to be proactive about this issue as noted this week by Leon Panetta during his Secretary of Defense confirmation hearings, it's just that a lot of processes still need to be put in place.
The concern now is that there are those starting to make a case for fighting digital fire with fire. They are essentially advocating the setting up of digital privateers to go after the attackers. In some cases, these people are individuals acting as the patriotic equivalents of "digital minute men." In other instances, they are organizations that operate outside of the U.S. and, as such, are not directly accountable. And just to add more fuel to the fire, countries such as Israel and Australia have set up counter cyber-terrorism units, which can be broadly defined as addressing almost any type of cyber security issue.
In the meantime, Visner says IT organizations have to realize that, at this juncture, the best they can do is mitigate their losses. That may mean spending more on security than they like, but the fact of the matter is the many areas of cyberspace are essentially lawless. So if you intend to do business in cyberspace, you have to accept the risks that go with that decision. Right now, the economic benefits of the Internet still far outweigh the potential risks. Still, companies would be well advised to secure their valuables in an age where cyber security, like it or not, is simply a bigger cost of doing business.