WASHINGTON — As both financial operations and the military increase their presence in cyberspace, the security of such information is vulnerable to increasing cyber threats so Congress should require standards to maintain cybersecurity, the head of U.S. Cyber Command says.
Gen. Keith B. Alexander and other cybersecurity experts told an audience at the conservative American Enterprise Institute on Monday that there were 198 cyberattacks on U.S. infrastructure last year, a staggering increase from just nine in 2009. Such attacks are not just increasing, but also becoming more damaging.
“These disruptive attacks are turning into destructive ones,” Alexander said.
A disruptive attack can shut down a system, but it can be fixed and brought back up again. However, a destructive one can permanently destroy a system by damaging the hardware, said Alexander.
When critical U.S. infrastructure is compromised by a destructive cyberattack, it can paralyze a region or even a country and cause a catastrophe as devastating as “another Pearl Harbor,” said Alexander.
However, Jim Harper, a founding member of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee who also is a researcher at the libertarian Cato Institute, disagreed with Alexander’s assessment.
“The systems can be put back up on a short order,” Harper said.
It is not only the federal government that’s been the subject of cyberattacks. Many big private companies, including Sony and Nissan, have had their computer systems hacked into in the past few years.
Cyberattacks on private companies include theft of intellectual property, and it has cost companies significant sums.
“Greatest transfer of wealth in history,” said Alexander, noting that companies have lost $388 billion to cyberattacks and have spent about $1 trillion on remediation.
With the nation’s prosperity and security being threatened, Alexander urged federal action. “We’re the ones who created this technology, we ought to secure it,” he said.
He endorsed cyber legislation that proposes information sharing between private companies and the government as well as devising a standard to safeguard systems operating in cyberspace.
Under the proposal, private companies would alert the government when they detect malware. Upon detection, the company would provide the government with such information as the type of malware, its origin and destination through online networks so that federal officials could take precautionary steps to prevent the malware from penetrating other systems and future attacks.
Alexander proposed a “Huckleberry Fin approach” for setting up the standard to safeguard systems operating in cyberspace, which would mean getting as many systems manufactures and users to provide security input.
However, Jeff Snyder, vice president of cyber programs at Raytheon Co., said “supply chain security” would be a better solution because its safeguards against cyber attacks can be embedded on the processor level.
Cyber legislation is an internal measure to safeguard the U.S. from cyber attacks, but Adam Segal, a senior fellow at the Council on Foreign Relations, recommended an international approach.
“There are no shared red lines between China and the U.S.,” said Segal, who supports discussions with other countries for long-term cybersecurity. “There should be rules of the road.”