Has The US Become Complacent About Resisting Cyber Attacks?

Uploaded on 2015-12-09 in NEWS-Cybersecurity News, INTELLIGENCE--USA, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

The disclosure that Russia was responsible for penetrating the unclassified email system used by the US Joint Chiefs of Staff should be disconcerting.

Unfortunately, many accounts of cyberattacks these days seem to produce yawns. A major Hollywood studio discovered its computers ruined; a sensitive US government trove of personnel information was stolen; corporate secrets were hacked and used for insider trading; major retailers and a health-care provider were looted of customer data — yet the United States has been complacent and lazy in responding.

The attacks on the private sector have been unrelenting, and the onslaught against Sony Pictures Entertainment, discovered in November, which President Barack Obama blamed on North Korea, seemed to ignite a new determination in Congress to act. The House passed legislation and, before the August recess, the Senate seemed poised to consider a bill that would facilitate sharing information between government and business about malware on the private networks. The bills are no panacea, and privacy concerns remain an issue, but progress was evident before the recess. Hopefully momentum won’t be lost this autumn.

At the same time, signals from the Obama administration about responding to the theft of some 22 million sensitive records from the Office of Personnel Management are ambivalent. This was the largest cyberattack on the U.S. government in history, giving those who stole the data, probably Chinese spies, access to confidential questionnaires used in applications for government security clearances. 

According to a report in The New York Times, administration officials want to retaliate but have not settled on how: whether economic sanctions, public protests or a retaliatory assault in cyberspace. The officials are also justifiably concerned about escalating a conflict with China. A debate over how to respond to the OPM theft highlights some of the hard choices facing the United States in this new era of digital conflict. Among the most important questions: How can the United States deter others from such rampant assaults?

Cyber conflict does not fit neatly into other types of war, espionage and crime. It is asymmetrical, favoring a smaller, stealthy attacker over the defender. The concept of deterrence from the nuclear age — the idea of two cocked pistols preventing either side from shooting — offers limited comfort in a conflict in which attackers often can avoid identification until long after an attack. 

US cyberweapons are still largely secret and embedded in the intelligence community, precluding open debate or public notice. Yet another brake on using these weapons is the possibility of retaliation that could cause more harm to vulnerable US networks. Still, it is past time to think about what kind of actions will bolster deterrence. Doing nothing is not an acceptable option. The United States needs to give cyber attackers real pause and a credible threat of certain retaliation, one that can be seen in public as well as felt in private. So far, it does not appear to exist. And the attackers are not so lazy.

Ein News

 

 

« First Ever EU Rules On Cybersecurity
Gateway For Hackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Veracode

Veracode

Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications.

SecWest

SecWest

SecWest is the organizer of CanSecWest, PACSEC, originator of PWN2OWN, security auditing, and virtual engagement/training.

Centre for the Protection of National Infrastructure (CPNI)

Centre for the Protection of National Infrastructure (CPNI)

CPNI works with the National Cyber Security Centre (NCSC), Cabinet Office and lead Government departments and agencies to drive forward the UK's cyber security programme to counter cyber threats.

Vicarius

Vicarius

Vicarius’ mission is to revolutionize vulnerability management from problem detection to proactive problem resolution.

Magix Security

Magix Security

Magix Security assesses the cyber threat, gives you visibility of how vulnerable your business is to attack, and provides cybercrime detection and prevention services.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

2Keys

2Keys

2Keys designs, deploys and operates Digital Identity Platforms and Cyber Security Platforms through Managed Service and Professional Service engagements.

HARMAN International

HARMAN International

HARMAN designs and engineers connected products and solutions for automakers, consumers, and enterprises worldwide.

Diaplous Group

Diaplous Group

Diaplous Group is a leading Maritime Risk Management (MRM) provider, delivering specialized services to an ever-broadening portfolio of shipping, oil & gas, energy and construction industries.

Broadcom

Broadcom

Broadcom is a global technology leader that designs, develops and supplies a broad range of semiconductor and infrastructure software solutions.

Shearwater Group

Shearwater Group

Shearwater Group is an award-winning organisational resilience group that provides cyber security, advisory and managed security services to help secure businesses in a connected global economy.

Framatome

Framatome

Framatome Cybersecurity portfolio is directly inspired by its unique experience in nuclear safety for critical information systems and electrical systems design.

Cyberwatch Finland

Cyberwatch Finland

Cyberwatch Finland's services improve decision-makers’ strategic situational picture and enable successful holistic cyber risk management.

ASPIA InfoTech

ASPIA InfoTech

ASPIA Infotech is a leading Information and cybersecurity organization focused on innovative approaches to avert targeted attacks.

Trustaira

Trustaira

Trustaira is the first deep tech solution and service company in Bangladesh.

PureID

PureID

Protect your enterprise with PureAUTH #IAMFirewall, Resilient SSO platform, purpose built to provide Passwordless Authentication & Zero Trust Access, by default.