Has The US Become Complacent About Resisting Cyber Attacks?

The disclosure that Russia was responsible for penetrating the unclassified email system used by the US Joint Chiefs of Staff should be disconcerting.

Unfortunately, many accounts of cyberattacks these days seem to produce yawns. A major Hollywood studio discovered its computers ruined; a sensitive US government trove of personnel information was stolen; corporate secrets were hacked and used for insider trading; major retailers and a health-care provider were looted of customer data — yet the United States has been complacent and lazy in responding.

The attacks on the private sector have been unrelenting, and the onslaught against Sony Pictures Entertainment, discovered in November, which President Barack Obama blamed on North Korea, seemed to ignite a new determination in Congress to act. The House passed legislation and, before the August recess, the Senate seemed poised to consider a bill that would facilitate sharing information between government and business about malware on the private networks. The bills are no panacea, and privacy concerns remain an issue, but progress was evident before the recess. Hopefully momentum won’t be lost this autumn.

At the same time, signals from the Obama administration about responding to the theft of some 22 million sensitive records from the Office of Personnel Management are ambivalent. This was the largest cyberattack on the U.S. government in history, giving those who stole the data, probably Chinese spies, access to confidential questionnaires used in applications for government security clearances. 

According to a report in The New York Times, administration officials want to retaliate but have not settled on how: whether economic sanctions, public protests or a retaliatory assault in cyberspace. The officials are also justifiably concerned about escalating a conflict with China. A debate over how to respond to the OPM theft highlights some of the hard choices facing the United States in this new era of digital conflict. Among the most important questions: How can the United States deter others from such rampant assaults?

Cyber conflict does not fit neatly into other types of war, espionage and crime. It is asymmetrical, favoring a smaller, stealthy attacker over the defender. The concept of deterrence from the nuclear age — the idea of two cocked pistols preventing either side from shooting — offers limited comfort in a conflict in which attackers often can avoid identification until long after an attack. 

US cyberweapons are still largely secret and embedded in the intelligence community, precluding open debate or public notice. Yet another brake on using these weapons is the possibility of retaliation that could cause more harm to vulnerable US networks. Still, it is past time to think about what kind of actions will bolster deterrence. Doing nothing is not an acceptable option. The United States needs to give cyber attackers real pause and a credible threat of certain retaliation, one that can be seen in public as well as felt in private. So far, it does not appear to exist. And the attackers are not so lazy.

Ein News

 

 

« First Ever EU Rules On Cybersecurity
Gateway For Hackers »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

K&D Insurance Brokers

K&D Insurance Brokers

K&D provide insurance for all sectors of industry and commerce including cyber risk cover.

National Cyber Security Centre (CNCS) - Portugal

National Cyber Security Centre (CNCS) - Portugal

CNCS is the operational coordinator and Portuguese national authority in cybersecurity working with State entities, and digital service providers

SentinelOne

SentinelOne

SentinelOne is a pioneer in delivering autonomous security for the endpoint, datacenter and cloud environments to help organizations secure their assets with speed and simplicity.

Redjack

Redjack

Redjack is a cutting-edge network analytics company focused on enterprise and ISP security and intelligence solutions.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

CyberMDX

CyberMDX

CyberMDX delivers proactive security built for hospital devices. 360° visibility, insight, and protection for all connected hospital technologies.

Avertro

Avertro

Avertro helps leaders manage the business of cyber. We help explain cybersecurity to executives, forecasting outcomes, right-sizing your spend, and validating your cyber strategy.

Kontron

Kontron

Kontron offers a combined portfolio of secure hardware, middleware and services for Internet of Things (IoT) and Industry 4.0 applications.

A&O IT Group

A&O IT Group

A&O IT Group provide IT support and services including IT Managed Services, IT Project Services, IT Engineer Services and Cyber Security.

CliftonLarsonAllen (CLA)

CliftonLarsonAllen (CLA)

CLA exists to create opportunities for our clients through industry-focused advisory, outsourcing, audit, tax, and consulting services.

SubCom

SubCom

How Much Do You Trust Your Endpoint? With our ‘Habituation Neural Fabric’ based endpoint security platform, you can observe and manage the Trust Score of your endpoints in real-time.

Normalyze

Normalyze

Normalyze are solving some of the most painful problems enterprise IT security teams face in the cloud and data security space. We help enterprises protect all the data they run in the cloud.

AArete

AArete

AArete is a global management and technology consulting firm specializing in strategic profitability improvement, digital transformation, and advisory services.

Port443

Port443

Port443 specialises in providing Security Orchestration, Automation and Remediation (SOAR) "as a service".

Modern Networks

Modern Networks

Modern Networks is a leading provider of IT managed services to the UK’s commercial property sector and medium sized enterprises.

North Green Security

North Green Security

North Green Security is a UK-based cyber security training and consultancy company.