NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA Listmaster
NRT-0619 Cyber defense experts say US is not prepared for
attacks:
"If the bad guys launched a coordinated cyber attack on the
United States tomorrow, neither government nor industry would be able to stop
it," according to a press account of statements made by cyber defense
experts at an 18 September 2008 hearing of the House Permanent Select Committee
on Intelligence. "Our current information infrastructure is riddled with
holes, unknown backdoors, and is extremely difficult to protect in the face of
increasingly sophisticated adversaries," said Paul Kurtz, a partner with
Good Harbor Consulting and a member of the Center for Strategic and
International Studies (CSIS) Commission on Cyber Security. The CSIS commission
is scheduled to release a full report on its evaluation of US cyber defenses in
November.
The former Director of the National Cyber Security Division at
DHS, Amit Yoran, and Kurtz conveyed that the government is not doing enough to
involve private industry in the cyber defense effort, according to the report.
For example, there is no organized way for companies and government to share
information about attacks or breaches, they said. There is no coordinated
strategy or mechanism for sharing intelligence about intrusions with companies,
nor is there a systematic way for companies to share information with the
government.
Yoran warned that private companies that deliver
parts of the nation's critical infrastructure, such as utilities,
are not well coordinated in cyber defense. He said that the definition
of "critical infrastructure" has become overly broad, which makes
these defenses more difficult to develop.
Kurtz registered concerns about the theft of intellectual
property from US companies, which he said is occurring at a rate of $200 billion
a year. "American industry and government are spending billions of dollars
to develop new products and technology that are being stolen at little to no
cost by our adversaries," he said. "Nothing is off limits -
pharmaceuticals, biotech, IT, engine design, weapons design."
A key issue for policymakers is how the government can effectively
monitor private networks for intrusions without infringing on the privacy
rights of Americans whose data flows through those networks, according to the
article. "Telecom companies may monitor and collect data to protect their
own networks, but they cannot share that information freely with the federal
government without a court order," said James A. Lewis, the CSIS commission
program manager.
[DarkReading.com 19Sep08; www.washingtonpost.com 19Sep08]