Panetta criticised the government, arguing that partisan battles within the government are stopping it from properly addressing the growing cyber threat facing industry, during a press briefing attended by V3.
"I have never seen in all my time in and out of Washington so many people who are committed to screwing things up," he said. "In the past I've described the potential happening of a cyber Pearl Harbor, an attack that devastates our critical infrastructure and paralyses our nation. We need better defences to confront these threats."
Panetta said the lack of affirmative action is dangerous as state-sponsored hackers are already targeting the country. "We still live in a dangerous world and the last thing we should do is reduce our guard. We're still a nation, and war and terrorism remains a threat," he said.
"When I was at the CIA in 2009 our counter-intelligence teams told us we were experiencing as many as 100,000 cyber attacks every day. Now you can imagine for the defence department the number of cyber attacks is also enormous. This is because the network is enormous: 1.4 million people on active duty, 300,000 reserves, 800,000 civilians, all of them armed with devices on the network. All of that needs to be defended."
He added that the threat posed by state-sponsored hackers is not limited to government departments and the country has already mitigated attempts on critical infrastructure areas.
"In 2009 to 2012 the focus of our concern was economic espionage and the threat to US intellectual property. Then we received reports of even more disturbing attacks. Distributed denial of services targeting financial institutions. Though largely just nuisance attacks they broke the threshold. They were the first state attacks against our private industry. The next attack was destructive," he said.
"In August of 2012, state-backed hackers hacked into the system of a national oil company in Saudi Arabia. The attack contained a very particular virus the Shamoon virus that literally destroyed 30,000 computers. This is the level of the cyber threat and there are concerns there could be even more destructive attacks – we know state actors are probing our critical infrastructure."
Attacks on businesses involved in critical infrastructure has been a growing concern for governments across the world. Numerous security providers have criticised critical infrastructure areas, such as power plants, for their reliance on outdated software that leaves them open to attack.
Experts from Bluecoat systems and the Jericho Forum argued last year that UK businesses linked to critical infrastructure areas have opened themselves up to cyber attacks by prematurely moving key systems online.
Panetta said governments need to adopt a similar three-stage strategy to that taken by the UK. "First of all, we need to have the American people and the people of the world understand the nature of the threat. Second, we need a strong government and private sector partnership, we all share a global infrastructure and we have a duty to protect it. Private industry must invest more in its defences and it must be willing to share data with the government," he said.
"Third, we have to continue to invest in cyber technologies. The government must continue to invest in creating new technologies and in training and recruiting skilled cyber warriors."
The UK Cyber Security Strategy has already seen the UK government launch numerous initiatives designed to increase collaboration between the public and private sector, and to increase the number of young people training in information security.
These have included schemes such as the Cyber Security Information Sharing Partnership (CISP) and the GCHQ-led Can You Find It code-tracking challenge.
No comments:
Post a Comment