ARCHIVED 12/7/09

December 7, 2009


William Matthews, Defense News, 12/07/2009

Much of cyber defense, however, must be the job of private companies, not the U.S. military. Companies will have to defend themselves, but so far, most have done a poor job of it. Private firms have become a prime target for foreign intelligence services that break into computer systems to steal valuable information, the ISA reports. Intelligence that once required years and considerable expense and skill to obtain now can be stolen from computer networks with relative ease.

“The return on investment for targeting sensitive U.S. information (the intelligence gain) can be extraordinarily high, while the barriers to entry (the skills and technologies required to implement an operation) are comparatively low,” the ISA says. The problem is so serious that “U.S. government officials assess that this activity in the aggregate has the potential to erode the United States’ long term position as a world leader in science and technology,” the report says. And the threat is likely to grow.

Many countries are actively developing their own offensive network operations capabilities, the report says. The proliferation of potential attackers has become a key U.S. counterintelligence challenge. “New information security approaches are critically needed,” the alliance says. Yet in both the private sector and in government, “information security remains largely focused on outmoded defensive techniques.”

Sagalow said the U.S. government should develop a variety of financial incentives to encourage the private sector to improve security. Among them, he suggests requiring companies to meet certain cybersecurity standards before they can receive government grants, loans, contracts or bailouts. Tax breaks and limitations on liability could also be used to encourage companies to beef up cyber defenses.

But improving computer network security will be an uphill battle. “When it comes to cybersecurity, all of the economic incentives favor the attackers,” Clinton said. “Attacks are relatively easy and cheap, and the gains from them can be enormous. On the other hand, defense can be costly,” and “the perimeter to defend.