The United Stats is perhaps the most-networked nation in the world. We use information technology networks to conduct business, bank, shop and even conduct warfare. One of the greatest assets of the U.S. infrastructure is the prevalence of IT networks. It allows us to access information rapidly and conduct essential transactions.
This absolute reliance on networks also serves as one of our nation’s greatest vulnerabilities. Previously, researchers demonstrated a power generator could be destroyed by hacking the system and causing an overload.
With the majority of critical infrastructure held by the private sector, the United States faces a series of unique challenges in defending domestic networks.
The New New Internet has learned McAfee, a computer security company, recently commissioned a study conducted by CSIS on the threats to critical infrastructure in cyberspace. The study, titled “In the Crossfire: Critical Infrastructure in the Age of Cyber War,” is the first of its kind to look at the problem globally.
The report contains a number of revealing findings regarding security throughout a variety of business sectors. There has been a marked increase in cyber attacks against companies and yet the global recession saw the slashing of funding at some IT departments.
Among the wide array of companies surveyed, 89 percent reported attacks involving malware, 60 percent reported theft-of-service attacks and over 70 percent reported a range of other attacks, including phishing and pharming. Around 30 percent of the companies surveyed also said that they had little faith in their banks and telecom providers’ ability to withstand attack. In the Middle East, 95 percent of respondents said that their sector was not prepared to handle Ghostnet-style attacks.
The report also highlighted some of the varied roles governments can and do play in cybersecurity. One aspect is partnering with the private sector.
Asha Mathew, senior council for the Senate Committee on Homeland Security and Governmental Affairs, said at the announcement of this report “without working in partnership with the private sector it would be very difficult for the federal government to achieve much of anything.”
The Department of Homeland Security has the lead role in handling partnerships with the private sector for critical infrastructure protection. Jenna Menna of DHS, said the department was “looking at ways to share that really meaningful information” with the private sector. Sue Armstrong, deputy assistant secretary for infrastructure protection at DHS, said “security is obviously a shared responsibility and I believe we need to push the public/private partnership.”
Nevertheless, only half of the respondents believe the laws in their country are adequate to respond to the threats in cyberspace.
In perhaps the strangest twist in the report, China received relatively high marks for ensuring companies are implementing cybersecurity protocols. China has uniquely close cooperation with officials, high levels of regulation and auditing, robust confidence in government and higher adoption of security measures. Chinese companies also report a lower level of cyber incidents than their counterparts in other major developing nations like Brazil and India.
In China, around 80 percent of respondents said the Chinese government had audited its security procedures. In another twist, the United States is viewed as a greater threat by the companies surveyed than China was (36 and 33 percent, respectively).
Dr. Phyllis Schneck, VP and director of threat intelligence for the Americas at McAfee, pointed to the importance of the report and what is at stake.
“The bad guys right now are better than we are and they are winning this war,” she said. “They don’t need meetings to do bad things.”
The report from McAfee can be accessed here