Last night, in the State of the Union, President Obama highlighted the risk that America faces from cyber-attack. He also signed an executive order on cybersecurity, expanding the availability of unclassified threat information to critical infrastructure companies and appointing NIST to lead the development of a cybersecurity framework. These are positive steps to improving the cybersecurity of America’s infrastructure, but there is far more that needs to be done to secure our infrastructure.
Our digital infrastructure is pervasive, and an integral part of our daily lives. From basic services such as power and communications to healthcare, commerce, finance, and manufacturing – every major industry and service is dependent in some way on the technology grid.
This grid is extremely vulnerable to attack. These attacks may take the form of a deliberate, targeted cyberterror-type attack. Of equal likelihood – and potentially with the same impact – is an untargeted attack, where attackers unleash malware into the wild, without a specific target in mind. The impact to our economy and security of a successful attack, whether targeted or not, can be catastrophic.
We need to do much, much more, but fixing this problem is not easy. The cybersecurity legislation that sits in both the House and Senate are a good next step. Providing incentives for critical infrastructure providers to improve their cybersecurity based on risk assessments will be another key step. Investing in training skilled security analysts and engineers who can defend against cyber attacks will be critical. The US is expanding the Cyber Command to have 4,900 troops and civilians, up from 900. There are 58,000 troops in the US Special Operations Command alone. As the battlefield evolves from traditional sea, air, and land battles to urban and cyber warfare, we need to evolve our defenses and capability.
What can we do? We need to continue to innovate and research these threats, and how they are evolving. We need to invest in growing our cyber workforce. And, most importantly, we need to recognize that every single system in the US can potentially be exploited, and needs to be protected.