Dr. Jim Lewis Speaks at the Potomac Officers Club

Jim Lewis
Dr. Jim Lewis

Senior Fellow and Director of CSIS’ Technology and Public Policy Program, Dr. Jim Lewis spoke at the Potomac Officers Club event this afternoon.  His remarks focused on cybersecurity, and he detailed some of the greatest current threats to industry and national security, as well as some potential solutions.

Much of his speech focused on China, a state that he says “squeezes” foreign technology companies with operations in China. This is a large part of how China has come so far in information technology over the past fifteen years, according to Dr. Lewis.  Dr. Lewis said that China chafes under what they call the “Qualcomm Tax,” or the royalties they pay foreign design companies to produce their hardware, and intellectual property theft plays a major part in China’s growth strategy.

He praised Google’s reaction to the cyber attacks, and noted that of the dozens of companies attacked, only Google publicly admitted that they had lost data.  This, he said, is an important step, and an unprecedented one.  Google realizes, according to Dr. Lewis, that while the Chinese market is huge, it’s only one part of the global market for information technology, and this kind of “pushing back” against China’s routine probing of American hardware is necessary.  He told a story about a friend who brought a Blackberry smartphone to Beijing for the 2008 Olympics, “Between exiting the plane and arriving at the gate, [his Blackberry] was probed five times.”

Using Russia, he explained the mode by which states engage in cyber espionage, which constitutes a much greater and more immediate threat than cyber terrorism, according to Dr. Lewis.  He said that so long as cyber criminals in Russia provide kickbacks to local police, refrain from attacking Russian businesses and help national authorities carry out large-scale cyber attacks (i.e. attacks against Georgia and Estonia last year); Russian authorities leave them alone.

This gives the state “implausible deniability,” exploiting the problem of attribution in cyberspace to strike at its enemies while profiting from illicit activity.  In fact, he used the mafia as an analogy to explain the practical threats from cyberspace.  Conflict is unprofitable, Dr. Lewis said, and cyber warriors are likely to stick to attacks that make money.

Hackers, he said, are careful not to “cross the line,” to commit an act of aggression that would provoke a response.  “Cyber attacks are just another weapon in a country’s arsenal.  It’s not as though Vladimir Putin will wake up one morning and say, ‘I think I’ll knock out power in the Northeastern United States any more than he would launch a missile at it.”

He noted that, generally, terrorists use whatever means at their disposal to attack U.S. targets, and reasoned that if terrorists had the capability to launch cyber attacks against U.S. infrastructure, they would have done so already.  “What are they waiting for? Osama’s birthday?” He wondered humorously.

When asked what the United States should do to protect itself from cyber espionage, he said that the U.S. should follow the lead of the French and British governments, who conduct regular, high-level briefings for technology industry executives doing business in China.

But make no mistake, Dr. Lewis does not dismiss cyber terrorism as a threat.  In fact, he singles out the Lebanese Shi’a paramilitary and political organization Hezbollah as a potential cyber aggressor.  It takes “six to eight years” for a technology or capability developed and deployed by large states to wind up on the black market, so he says it’s only a matter of time before cyber terrorism capabilities find their way into the hands of terrorists.

He says that the “window of time” to deal with cyber espionage and cyber warfare from a policy standpoint is closing rapidly, and that the American government must act soon or risk losing the technological leadership that is the “key to our national security.”

You may also be interested in...

John Osborne Chief OpenShift Architect Red Hat Public Sector

Red Hat’s John Osborne on How Agencies Can Secure Containerized App Development

John Osborne, chief OpenShift architect for public sector at Red Hat, wrote in an article that adopting cloud-native security platforms could help agency developers secure the development of containerized applications. Osborne said the open source community is creating and introducing new tools that could provide visibility into containerized applications, “perform deep scans to detect trojans, viruses and malware contained within the images” and improve runtime security through the identification of possible behavior changes and anomalies. 

Robert McLernon VP of Federal Sales Axonius

DLT Adds Axonius IT Asset Management Platform to GSA Schedule; Robert McLernon Quoted

DLT Solutions and Axonius have partnered to offer an information technology asset monitoring system to agencies through a governmentwide acquisition contract vehicle managed by the General Services Administration. Axonius announced Tuesday the inclusion of its Cybersecurity Asset Management Platform to DLT's GSA Schedule contract as an offering intended to help public sector customers maintain asset inventory and security compliance.

Craig Halliday CEO Unanet

Executive Spotlight: Unanet CEO Craig Halliday Discusses ERP Tech Advancements; Benefits for GovCon Sector

Craig Halliday, chief executive officer of Unanet, recently spoke with ExecutiveBiz regarding the launch of the company’s enhanced capabilities for its ERP technology platform, benefits for contractors in GovCon and the federal workforce as a whole. “The key for us is that if there is a better and easier way for a customer to run their business, we will do everything we can to provide them with that product or service.”