Cyber threats are spreading, becoming more dangerous
- By William Jackson
- May 13, 2014
Cyber threats are becoming not only more dangerous, they are falling into the hands of more people, said former White House security advisor Tom Donilon.
“We have to assume that the sophistication and prevalence of threats are going to grow,” Donilon told an audience Tuesday at the FOSE technology trade show in Washington, D.C., presented by 1105 Media, parent company of GCN.
The threats are coming not only from nation states and organized criminal groups, but also from individuals, as is evidenced by the actions of former National Security Agency contractor Edward Snowden. That has been “tremendously damaging,” he said.
Donilon discussed the cyber threat landscape in a wide-ranging, onstage interview with Washington Technology editor Nick Wakeman.
Agencies need to learn the lessons of the Snowden breach, an insider threat that illustrates the importance of implementing cybersecurity at the individual level, Donilon said. “We need to ask, ‘How did this happen, what were the security flaws and what needs to be done to ensure that it doesn’t happen again?’”
Snowden's actions have done damage on a number of fronts, but the more lasting is that done to the U.S. technology industry. Because data was being gathered by the NSA from large American Internet and communications companies, U.S. technology is now suspect.
“In the wake of the revelations, rebuilding trust in the organizations, both public and private, and in the programs is essential,” Donilon said. Other threats -- which include cyber espionage, criminal activity, theft of intellectual property and attacks on critical infrastructure -- also need to be guarded against.
Protecting critical infrastructure is the joint responsibility of the public and private sectors, he said. Some progress has been made, but much remains to be done in the implementation of best practices and information sharing.
In the absence of congressional action on critical infrastructure protection, the administration has produced a framework that promotes the voluntary adoption of best security practices by privately owned and operated infrastructure.
We cannot assume that any cyber threat will be confined to any actor, and proliferation among organizations and nation states must be expected, Donilon said. To counter them, we need more dynamic, cooperative security efforts, based on international norms of online behavior.
William Jackson is freelance writer and the author of the CyberEye blog.