The Internet helps people and companies stay connected to one another and has revolutionized the way companies do business. More recently, the Web has come also to be seen as one of the country’s greatest vulnerabilities. Earlier this year Steve Chabinsky, deputy assistant director of the FBI’s cyber division, warned that cyber attackers are growing increasingly sophisticated and that the potential attacks pose a very serious threat. He also said the FBI’s top priorities are terrorism and foreign nations “that seek every day to steal our state secrets and private sector intellectual property, sometimes for nefarious purposes.”
Cyber security has become a priority for the federal government. U.S. Sen. Joseph I. Lieberman is co-sponsoring a bipartisan act that will shape the way the nation might respond to cyberspace threats. The Protecting Cyberspace as a National Asset Act (PCNAA) has three primary focuses. It would establish a National Center for Cybersecurity & Communications to centralize government efforts to protect the Internet, privatize cyber security and establish national standards for protecting the infrastructure, and, most controversially, give the President the power to shut down the Internet for up to 120 days.
To gain more insight into the effects the act would have on current cyber security providers, BNH spoke with Kurt Heinemann, chief marketing officer for Milford information security provider Perimeter E-Security.
What is the nature of the threat to cyberspace? ? ?
As the world’s economies become ever more intertwined with the Internet, cyber attackers are developing greater capabilities to attack high-value targets. From any location, cyber attackers have the ability to disrupt the most vital systems, from electric power grids to financial markets.? ???
What are some forms of cyber attacks that Perimeter defends against??
Cyber attacks come in many forms and are more virulent, swift and stealthy than most organizations realize. Perimeter helps protect organizations from a wide variety of attacks through a layered defense approach. A successful attack usually
has any of several results, including: data breach and theft of sensitive data or intellectual property; dramatic dip in stock price for public companies; capture of keystrokes and other credentials that can grant hackers access to systems, data, accounts and other private areas. This often leads to money stolen from corporate bank accounts.
Some other results of cyber attacks can include command and control of systems for the purpose of relaying illegal traffic, hosting illegal content, attacking other systems either on the same or a different network;?disruption of business; loss of reputation and customer confidence; reduction in revenue; fines and lawsuits associated with breaches; and the high cost of information security forensics and cleanup post-breach.
What kind of attacks does the government fear?
Attacks against utilities and the financial system rank as some of the highest, but there are many scenarios that the government is trying to protect the country from. I don't think the government is worried about an attack against the Internet itself as much as cyber criminals and cyber terrorists using the Internet as a platform to perform attacks against critical infrastructure that society relies on. The Internet has created a common network that everyone uses for communication, and as such it can be used as a weapon against anyone that relies on it — which at this point is just about everyone. Anything from panic to fatalities to a depression could occur with a successful attack against critical infrastructure. ?
How would the Protecting Cyberspace as a National Asset Act (PCNAA) affect cyber security?
The PCNAA is an attempt to create a greater partnership between the government and the private sector to deal with cyber attack emergencies. The part of the bill that is getting the most attention is the 'kill switch' element that would grant the President powers to shut down part or all of the Internet at his discretion for up to 120 days as an emergency measure. Companies have to wonder what happens to their businesses if this were to occur. Most companies rely heavily on the Internet for day-to-day business. Many companies have business continuity plans or disaster recovery plans that involve the use of the Internet in the case of an emergency. An act like this takes some of the control away from private corporations and puts it into the government’s hands with little alternative. In certain circumstances this could have a catastrophic impact on any business in the U.S. However, on the flip side, it is generally a good idea for the government to take cyber security more seriously, and greater awareness and requirements should increase the security posture of organizations.
Are there other things you would or would not like the government to do in terms of cyber security?
There are already so many regulations and laws around cyber security. What we need is more enforcement and auditing. Because we are all connected by the Internet, in many ways the weakest link [companies that don't take information security seriously] can impact all of us. Many companies take cyber security seriously, but those that don't can seriously impact themselves and others. Increased enforcement of best practices regarding information security would strengthen the overall fabric of our digital world, making it safer for all of us.
| < Prev | Next > |
|---|
