American business is already under cyberattack, say two security experts who served on a congressionally sponsored study being conducted by the Center for Strategic and International Studies (CSIS) to give recommendations to the next president regarding U.S. cybersecurity.
The Threats Working Group, part of the Commission on Cyber Security for the 44th Presidency, issued its final report this week, with some startling insights into the depth and breadth of that threat.
Tom Kellerman, chairman of the Threats Working Group and vice president of security awareness at Core Security Technologies, says the U.S. government has identified more than 100 countries that use military-level cybercapabilities to help their companies gain a competitive advantage. "Many of these countries endow [their] national corporations with cyberespionage capabilities so as to steal intellectual property for the sake of economic advantage," he says.
The plain and simple fact is that technology is completely interwoven into how government and corporations operate, says Amit Yoran, another member of the Threats Working Group and a former director of the National Cyber Security Division of Homeland Security. That technology -- communications technology, in this case -- is thus a key vector into discovering, and perhaps even manipulating, the information behind key industries. Protecting those industries' competitiveness is a key part of a country's national interest, he adds.
The communications revolution that lets people work almost anywhere and share information across public and private networks has helped many businesses be more agile as barriers to knowledge work are removed. But this "de-perimeterization of business" also means there are no borders that can be defended, says Phillip Dunkelberger, president and CEO of PGP, a point-to-point encryption vendor.
Private enterprise needs to meet the de-perimeterization security challenge with security systems as sophisticated as what cyberthieves use because cyberattacks can now do tremendous damage -- including taking down utility companies and banks and rendering them unable to distribute electricity or move money.
The Threats Working Group's Yoran says we need to think of our computer network as an aquatic environment. If you don't protect the entire aquatic ecosystem, you don't stand a chance of protecting the integrity of your own data inside it, he says.
Mobile is the least secure medium
Although the de-perimeterization risk affects all methods of electronic communications, mobile communications is most at risk, Dunkelberger says, due to their very architecture.