Those of us in the security industry have been wondering aloud for some time as to when the issue of cyber security would make its way into the election cycle. After the economy, national security is always high on the priority list of qualifications for the person who would be Commander-in-chief. While many have not completely caught up to the notion that cyber warfare is every bit as real as physical conflicts, capable of inflicting catastrophic damage, it would appear that President Obama is setting his sights on changing this.
In an opinion piece that ran in the Wall Street Journal on Friday July 20 entitled ‘Taking the Cyberattack Threat Seriously’ the President outlines a simulated exercise he had authorized involving his top advisors where the country suffers a large-scale cyber attack. The President writes: Last month I convened an emergency meeting of my cabinet and top homeland security, intelligence and defense officials. Across the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud. Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill. While on the surface this may seem like the plot to a summer blockbuster, the threat is very real.
The connected world in which we exist that enables tighter oversight and control also creates portals which make our most critical infrastructure assets vulnerable. We regularly interact with cybersecurity experts across a range of law enforcement and intelligence agencies. These meetings allow us to exchange best practices and compare notes on the latest tactics and technologies employed by attackers. And even though the security industry has invested heavily in developing defenses to thwart these attacks, the reality is that the bad guys are always at least a step ahead. One of my favorite sayings as it relates to security is that the onus is on us to be right 100 percent of the time, the hacker only has to be right once.
We have been fortunate to date, but with every passing week the sophistication of attacks only increases. The President went on to say:
So far, no one has managed to seriously damage or disrupt our critical infrastructure networks. But foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day. Last year, a water plant in Texas disconnected its control system from the Internet after a hacker posted pictures of the facility's internal controls. More recently, hackers penetrated the networks of companies that operate our natural-gas pipelines. Computer systems in critical sectors of our economy—including the nuclear and chemical industries—are being increasingly targeted. It doesn't take much to imagine the consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home. Taking down vital banking systems could trigger a financial crisis. The lack of clean water or functioning hospitals could spark a public health emergency. And as we've seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill.
If you are reading this and thinking to yourself that this is pretty scary stuff, you are not alone. However, there is some positive news as well. By incorporating predictive security measures we can assess which assets are most susceptible to attack and which pose the highest degree of risk should they be compromised. This allows the government and other organizations to put the proper resources behind guarding against attacks on these critical systems. We will never stop all of the attacks, but if we can predict the most pressing areas, we can go a long way towards limiting the damage.
Back to the question I posed at the beginning of this post. Is cyber security about to become a big election issue? The President says: That's why my administration has made cybersecurity a priority, including proposing legislation to strengthen our nation's digital defenses. It's why Congress must pass comprehensive cybersecurity legislation. It sure looks like its heading in that direction which in my opinion is a good thing, and it’s about time.