Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/11/2013
10:21 AM
50%
50%

Cyberthreats Grow More Ominous: Former NSA Chief

Microsoft's Craig Mundie, former NSA and CIA chief Gen. Michael Hayden and other experts say cybersecurity attacks are getting more dangerous.

The nature of cybersecurity attacks is becoming more dangerous and the threats on business and government more disturbing, a group of IT and cybersecurity experts said at a Cybersecurity Summit, held by the Washington Post Oct. 3.

"I think that people need to understand that in the last 12 months there's been a qualitative change," said Craig Mundie, senior adviser to the CEO at Microsoft. "The threats are moving to destructive attacks. Unlike conventional weapons, every time someone shoots one of these weapons, the bad guys get to watch it, then clone it."

Gen. Michael Hayden, former director of both the National Security Agency and the CIA, told attendees that U.S. computer networks -- not just government systems, but corporate systems and ordinary citizens' computers -- face layers of threats. While concerns about systematic penetration by nation states such as China, India and Russia are well recognized, that threat primarily is of intellectual property theft.

"We steal stuff, I admit that," he said of U.S. intelligence community efforts, "but we do it to protect citizens, not to get rich."

[ For more info on protecting your systems, see Don't Let 'Spooks' Get Your Cloud Data. ]

More concerning are the emerging threats that want to damage systems, such as the cyber attack against the Saudi Arabian national gas company Aramco. Hayden pointed out that about 35,000 hard drives were wiped clean in that attack.

The emerging new groups of attackers act on a wide range of motives. They are "just mad, mad at the world. Blessedly, they are the least capable right now," Hayden said, but "they may acquire capabilities comparable to nation states and criminals."

Ellen Richey, chief enterprise risk officer for Visa, the global credit card company, said her industry loses about $10 billion every year to theft and fraud. While the industry actively works to strengthen its security measures, law enforcement around the world has not adapted to the new Internet environment.

"We know who some of these big players are, and they are specifically attacking American and western European companies," Richey said. "If someone came and bombed my data center, I presume the government would protect me, but if an enemy country sent hackers to attack me," the company is on its own.

The rules of cyber warfare are evolving slowly as governments and companies around the world work to address these threats, but the concept of "self-defense" does not apply.

"It's illegal to chase bad guys up the wire, even if you have the capability to do so -- it's illegal to shoot back," Mundie said. There is no "self-defense" argument a company can make. These legal limits, and other constraints, make for uneasy relations between government agencies tasked with cybersecurity and the industries that get targeted by hackers.

For instance, Howard Schmidt, former White House cybersecurity coordinator, said, "If you go to small co-ops that provide electric power ... the government almost becomes an enemy because these utilities have done a lot and they're not being recognized. There is a maturity model for the energy sector ... but to constantly say 'the private sector has failed,' makes it very difficult to have a dialogue."

Rather than simply lamenting the state of affairs, the panelists suggested repeatedly that good computer hygiene -- firewalls, prompt software upgrades and patch management, two-factor identification, limiting administrative permissions, and other fundamentals of cybersecurity -- would address 80% of the threats faced by computer users and networks, whether in the public or private sector. This would allow cyber resources to be dedicated to the all-important 20% of threats, from new zero-day exploits to threats against critical infrastructure such as the electrical grid.

To that end, Jane Lute, former deputy secretary at the Department of Homeland Security and now president and CEO of the Council on Cyber Security, said her organization is going to convene the first meeting of law enforcement officials from around the world to discuss cybersecurity and threats.

"Can we prioritize cyber intrusions ... as a diplomatic priority?" she said. "Quite frankly, the business sector has been slow off the mark. They need to be incentivized. Good business practice isn't an incentive, the protection of people's privacy isn't an incentive."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Chuck Brooks
50%
50%
Chuck Brooks,
User Rank: Apprentice
10/14/2013 | 8:04:09 PM
re: Cyberthreats Grow More Ominous: Former NSA Chief
I attended the Washington Post conference (which was informative and eye opening). Patience's summary of the highlights of the conference are concise. The biggest takeaway is that cyber threats are expanding exponentially and it is very difficult to maintain a current/heightened level of security. Good computer hygiene and awareness are often overlooked and are an increasingly more important part of mitigating threats.
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26895
PUBLISHED: 2020-10-21
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver,...
CVE-2020-26896
PUBLISHED: 2020-10-21
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collis...
CVE-2020-5790
PUBLISHED: 2020-10-20
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-5791
PUBLISHED: 2020-10-20
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
CVE-2020-5792
PUBLISHED: 2020-10-20
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.