Has The US Become Complacent About Resisting Cyber Attacks?

Uploaded on 2015-12-09 in NEWS-Cybersecurity News, INTELLIGENCE--USA, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

The disclosure that Russia was responsible for penetrating the unclassified email system used by the US Joint Chiefs of Staff should be disconcerting.

Unfortunately, many accounts of cyberattacks these days seem to produce yawns. A major Hollywood studio discovered its computers ruined; a sensitive US government trove of personnel information was stolen; corporate secrets were hacked and used for insider trading; major retailers and a health-care provider were looted of customer data — yet the United States has been complacent and lazy in responding.

The attacks on the private sector have been unrelenting, and the onslaught against Sony Pictures Entertainment, discovered in November, which President Barack Obama blamed on North Korea, seemed to ignite a new determination in Congress to act. The House passed legislation and, before the August recess, the Senate seemed poised to consider a bill that would facilitate sharing information between government and business about malware on the private networks. The bills are no panacea, and privacy concerns remain an issue, but progress was evident before the recess. Hopefully momentum won’t be lost this autumn.

At the same time, signals from the Obama administration about responding to the theft of some 22 million sensitive records from the Office of Personnel Management are ambivalent. This was the largest cyberattack on the U.S. government in history, giving those who stole the data, probably Chinese spies, access to confidential questionnaires used in applications for government security clearances. 

According to a report in The New York Times, administration officials want to retaliate but have not settled on how: whether economic sanctions, public protests or a retaliatory assault in cyberspace. The officials are also justifiably concerned about escalating a conflict with China. A debate over how to respond to the OPM theft highlights some of the hard choices facing the United States in this new era of digital conflict. Among the most important questions: How can the United States deter others from such rampant assaults?

Cyber conflict does not fit neatly into other types of war, espionage and crime. It is asymmetrical, favoring a smaller, stealthy attacker over the defender. The concept of deterrence from the nuclear age — the idea of two cocked pistols preventing either side from shooting — offers limited comfort in a conflict in which attackers often can avoid identification until long after an attack. 

US cyberweapons are still largely secret and embedded in the intelligence community, precluding open debate or public notice. Yet another brake on using these weapons is the possibility of retaliation that could cause more harm to vulnerable US networks. Still, it is past time to think about what kind of actions will bolster deterrence. Doing nothing is not an acceptable option. The United States needs to give cyber attackers real pause and a credible threat of certain retaliation, one that can be seen in public as well as felt in private. So far, it does not appear to exist. And the attackers are not so lazy.

Ein News

 

 

« First Ever EU Rules On Cybersecurity
Gateway For Hackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Virtual Security

Virtual Security

Virtual Security provides solutions in the field of managed security services, network security, secure remote work, responsible internet, application security, encryption, BYOD and compliance.

Cyber Security National Lab (CINI)

Cyber Security National Lab (CINI)

The Cyber Security National Lab brings together Italian academic excellence in Cyber Security research.

Samsung Knox

Samsung Knox

Samsung Knox brings multi-layered defence-grade security to your business’s smartphones and tablets.

sayTEC

sayTEC

sayTEC's mission is to develop and deliver next-generation products and services in encrypted data and voice transmission.

Cyber Security Centre - Daffodil International University

Cyber Security Centre - Daffodil International University

Cyber Security Centre, DIU is a non-profitable organization which is focused on applied research in cyber security.

Havelsan

Havelsan

HAVELSAN is a leading technology company in Turkey developing indigenous systems for domestic and foreign military, public and private sector clients.

Sponge

Sponge

Sponge is a world-renowned digital learning provider on a mission to make learning unforgettable.

Business Hive Vilnius (BHV)

Business Hive Vilnius (BHV)

BHV is one of the oldest startup incubator and technology hubs in the Baltics, primarily focused on hardware, security, blockchain, AI, fintech and enterprise software.

N8 Identity

N8 Identity

N8 Identity helps organizations realize the vision of Autonomous Identity Governance™ with AI-driven Identity solutions.

Neptune Cyber

Neptune Cyber

Neptune is a cyber security company that works exclusively in the marine sector. Our team combines experts in shipbuilding, maintenance and operations and cyber security testing and design.

BlockAPT

BlockAPT

BlockAPT, empowering you with an advanced, intelligent cyber defence platform. We protect our customers digital assets by unifying operational technologies against advanced persistent threats.

PhishFirewall

PhishFirewall

PhishFirewall is an advanced AI-driven CyberSecurity Awareness Education, Threat Emulation, and Human Security Analytics Platform.

Picnic

Picnic

Picnic is a gritty, pioneering team of intelligence and cybersecurity specialists focused on solving the security challenge of our time - social engineering.

ShieldIO

ShieldIO

ShieldIO Real-Time Homomorphic Encryption™ enables your organization to reach regulatory compliance without compromising data availability.

Fivecast

Fivecast

Fivecast is enabling a safer world. We help organizations around the world explore masses of data to uncover actionable insights.

Simpson Associates

Simpson Associates

Simpson Associates is a Data Transformation and managed services provider that helps organisations gain valuable insights from their data and make better-informed decisions.