Cyber Security: More Than Just Passwords
Cybercrime is here to stay. There have been so many headlines about data breaches and stolen user credentials that the topic has become almost blasé. In August, the New York Times reported that a Russian crime ring had amassed a collection of 1.2 billion username and password combinations.
More corporations are suffering data breaches, now including such major players as Target, Kmart, Home Depot, even P.F. Chang’s. A recent study by HP and the Ponemon Institute found that the 2014 cost of cybercrime has risen 96 percent in the past five years. The current average is estimated to be $12.7 million per organization. For the most part, these breaches stem from criminal organizations.
Imagine the damage that could be caused if a nation-state’s full resources were committed to carrying out a security breach. In reality, there’s little imagination necessary; cyberwarfare is alive and well. Stuxnet made huge waves back in 2010, but the U.S.-Israeli joint effort isn’t even close to being the only cyber-equivalent to an airstrike.
Officials in Kiev are claiming that Russian forces are disrupting their military communication networks. In 2008, cyber-attacks overwhelmed websites and servers in Georgia just ahead of the Russian-led invasion, calling to mind a similar situation with Estonia. During a spat with Moscow, in 2007, Estonia experienced a 10-day cyber-assault on their internet services, causing major disruptions to financial systems.
The United States is not invulnerable, either. In 2008, the Agent.BTZ worm ate into the military’s classified computer networks. More recently, computer systems in the White House itself were illegally accessed.
Consider all the critical infrastructure controlled by computer systems: electrical grids, traffic systems, natural gas pipelines. Now add to these the communications backbones in use by the federal government and private industry, upon which financial services depend. That’s a lot of surface area to protect.
In May of 2012, the U.S. Department of Homeland Security warned of a “gas pipeline sector cyber intrusion campaign” linked to the Chinese government. Media outlets like the New York Times and the Wall Street Journal, and tech companies like Google, Yahoo and Microsoft, have had their share of cyber-attacks as well, with China again the alleged perpetrator. The Chinese government is also suspected of hacking iCloud to spy on the Chinese people, according to Greatfire.org, an organization that researches Chinese internet censorship.
Cyber Command, or CYBERCOM, is America’s first line of defense against state-sponsored cyber-attacks, having been created in response to the Agent.BTZ worm. As is the case for the private sector, more cybersecurity threats mean higher costs for government, resulting in a budget explosion for CYBERCOM. Fiscal 2014’s allocation of $477 million was nearly twice the prior year’s budget.
The total expenditure on CYBERCOM since 2010 has been $1.1 billion. That might sound like a hefty price tag for a fledgling government agency, but as national security threats move from bombs and bullets to botnets and malware, it’s definitely money well spent.