Last week, Aviation Week held its Cybersecurity Forum, highlighting the maturing and varied threats from cyberspace. Lt. Gen. Harry Raduege, Chairman of Deloitte’s Center for Cyber Innovation, outlined how cyber threats have evolved.
“Today, they’re much more sophisticated, more prevalent, and hackers have much more focused intent,” he said in a podcast. “We’re experiencing massive losses of intellectual property. Estimates are that we’re losing over a trillion dollars a year in data that’s being stolen, globally.”
He added that “aerospace and defense programs are susceptible to cyber attacks that can cause service outages and mission failure,” and said that the U.S. “knows of over 4,000 terrorist organizations that operate on the Internet.”
Gen. Raduege considers the United States “terribly vulnerable.” He said, “there are many ways to penetrate the most secure systems that we have. That ranges from electronic intrusions to naive employees.”
Gen. Dale Meyerrose of Harris Corporation also moderated several panels on cybersecurity, and he says that our focus “needs to be around cyber as it relates to critical infrastructure”
Gen. Meyerrose outlines two key goals in securing cyber infrastructure:
- Making cyber infrastructure trustworthy.
- Using cyber infrastructure to protect conventional infrastructure, e.g. banking, power, manufacturing and retail.
For Gen. Meyerrose, the greatest challenge is supply chain integrity. “Without supply chain integrity, it’s impossible to establish trust in cyberspace. With so much of our hardware, software and firmware manufactured offshore, the ability to assure supply chain integrity becomes more and more problematic. That’s the insidious part.”
He added that, frequently, “we start the protection of cyber with the security or protection of cyberspace, and I think that’s way too late. No matter how deep you dig that moat or how high you build that wall, you don’t have integrity without supply chain integrity.”
We should keep in mind, according to Gen. Meyerrose, that cybersecurity is a means to an end rather than an end in and of itself. “Often times, we use the security of cyberspace as the burning platform, the sense of urgency, so we often forget that we’re not protecting cyberspace for the joy of protecting cyberspace.”