NSI News

Conference a step toward cyber security awareness

The real issues crucial to cyber security often get buried amid technical terms and the intricacies of the United States governments’ computer systems. But the key to defending our nation against potentially disastrous impacts of cyber espionage and criminal hacking is understanding the methodology and new threat matrix. Today, the intelligence, business and criminal communities are indistinguishable and often one in the same.

Those who attend this year’s GovSec/U.S. Law Conference March 23-24 at the Walter E. Washington Convention Center will have the opportunity to understand both the threat matrix and the mind of the hacker. As organizer and moderator of the General Session on Cyber Espionage and Criminal Hacking, I will guide a panel of experts in a discussion of how a nexus of crime, business and intelligence presents a threat to individuals as well as public and private sector companies that is magnified by our IT-dependent world. Additionally, I will conduct a session on Law Enforcement Case Studies and Tactics — From Intelligence Led Policing to Predictive Policing: How Technology and Information Fuse a New Paradigm.

During the General Session, experts from the United States and England will illustrate how our cyber vulnerabilities provide myriad opportunities for criminal thieves, corporate espionage agents, terrorists and intelligence organizations to steal information, money and secrets for a variety of purposes as well as inflict damage on our critical infrastructure.
Sophisticated intelligence operations have raided our computers, and pilfered them of their contents. Malware and other sophisticated software techniques have been used to defraud credit card companies and banks. A ZeuS malware attack sent emails to federal officials appearing to be from other trusted members of the government but in fact inserted software to obtain files of interest and broadcast them out to adversaries. The recent online attacks on Google and dozens of other American corporations have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military, according to published reports. The connection of crime, intelligence and foreign operations are at times, indistinguishable. This complicates our understanding of the threat environment and provides deniability for intelligence operations.

In an unusually bold statement in 2008 detailing another incursion of the Net battle targeting government sites, the CIA admitted web hackers penetrated overseas power grids, compromising service while demanding payment in exchange for cessation. But the most dramatic testimony was delivered last week by the former Director of National Intelligence, Michael McConnell, who told the Commerce, Science, and Transportation Committee on Feb. 23 “We’re the most vulnerable. We’re the most connected. We have the most to lose. So, if we went to war today, in a cyber war, we would lose.” His testimony should serve as a clarion call to rally around!

Today, the U.S. government is providing more attention and commitment of resources to this problem via a $17 billion cyber security initiative passed by Congress. However, the need for state and local action to protect our critical infrastructure should also become a priority. The National Governors Association (NGA) states that cyber security is the weakest link in their efforts to protect critical infrastructure assets in its states. The National Association of State Chief Information Officers (NASCIO) has proposed a specific cyber grant program for states similar to the DHS homeland security grants. In short, our exposure is enormous and the resources heretofore have been meager.

Testimony and proposals such as these will help to build our awareness of the issue. But without a concerted public relations campaign, similar to the “don’t be a litterbug” campaign of the past or the “Smoky the Bear” campaign, that create a character who viewers can emotionally connect with, our investment will never fully achieve its intended goal. That is because computer security is everyone’s business, for if any computer is unprotected, that innocent machine can be taken over for illicit purposes.

In our effort to develop solid solutions to these complex problems, building greater awareness and understanding of our cyber vulnerabilities underlies what’s quite possibly the greatest threat to national security today. The GovSec/U.S. Law Conference is the ideal place to do just that.

###

For more information, please contact Heather Sabharwal at hsabharwal@kglobal.com or 202-349-7016.