Flame. Gauss. Stuxnet. Hot button topics internationally as a result of numerous cyber attacks against countries in the Middle East uncovered recently. The very real threat of a widescale cyberattack is no longer something that only conspiracy theorists mull over in the minds anymore. A survey of 1000 people conducted in the UK by Computer Business Review reveals that an overwhelming 82% feel that pre-emptive attacks against enemies that pose a threat to national cyber security are justified. The bigger issue is that only 10% think that the government is doing enough at the present moment to protect the nation from threats.
Interestingly enough, few countries are technically capable of manufacturing such a complex program– the United States being one of those. Continued efforts overseas by our government puts us in the position to be a target for such threats now and in the future, which raises the need for increasing cyber defenses domestically. The U.S. government has even gone so far as to publicly declare that a cyber attack by a foreign government constitutes an act of war. This sort of attitude is partly attributed to an awareness of the capabilities of a well-placed cyberattack. The typical knee-jerk reaction of most other entities who fall victim to cyberattacks simply won’t suffice in the face of a big enough threat, either. Now is the time for answers as it pertains to the security of your information and assets through the branches of government.
Security experts are suggesting handing out fines to organizations who lack the proper defenses to defer would-be hackers that would force them to obtain better security measures. While this sounds great on paper, the execution of this would have to be premeditated and meticulously carried out. A standard needs to be created in regards to what ‘proper’ defenses are– an on-site physical firewall with encrypted systems, perhaps? What about routine infection sweeps? Mobile devices? Laptops? Educating employees on what to avoid and their limitations?
Domestically in the U.S., the very public breaches of banks, government sites and(most recently) the South Carolina Department of Revenue have severely reduced the confidence that citizens have at the state and federal level. Pre-emptive cyber strikes are not the answer, as that only breeds more dishonesty. We’re all very aware that covert operations are always being conducted under our nose, but broadcasting that invites a challenge from some of the world’s best black hat programmers to ‘take a shot’.
Ross Brewer, Vice President at LogRhythm, put it succinctly when he said “…Organisations need to really understand the difference between ‘normal’ and ‘abnormal’ behavior across every dimension of their electronic enterprise.” At Secure The World, we couldn’t agree more. That is the basis for our initiative and something we take very seriously, as that is the fundamental difference between true security and merely building a facade.
How do you feel we can better supplement domestic cyber security in the U.S.? Let us know.