Has The US Become Complacent About Resisting Cyber Attacks?

The disclosure that Russia was responsible for penetrating the unclassified email system used by the US Joint Chiefs of Staff should be disconcerting.

Unfortunately, many accounts of cyberattacks these days seem to produce yawns. A major Hollywood studio discovered its computers ruined; a sensitive US government trove of personnel information was stolen; corporate secrets were hacked and used for insider trading; major retailers and a health-care provider were looted of customer data — yet the United States has been complacent and lazy in responding.

The attacks on the private sector have been unrelenting, and the onslaught against Sony Pictures Entertainment, discovered in November, which President Barack Obama blamed on North Korea, seemed to ignite a new determination in Congress to act. The House passed legislation and, before the August recess, the Senate seemed poised to consider a bill that would facilitate sharing information between government and business about malware on private networks. The bills are no panacea, and privacy concerns remain an issue, but progress was evident before the recess. Hopefully momentum won’t be lost this autumn.

At the same time, signals from the Obama administration about responding to the theft of some 22 million sensitive records from the Office of Personnel Management are ambivalent. This was the largest cyberattack on the US government in history, giving those who stole the data, probably Chinese spies, access to confidential questionnaires used in applications for government security clearances.

According to a report in The New York Times, administration officials want to retaliate but have not settled on how: whether economic sanctions, public protests or a retaliatory assault in cyberspace. The officials are also justifiably concerned about escalating a conflict with China. A debate over how to respond to the OPM theft highlights some of the hard choices facing the United States in this new era of digital conflict. Among the most important questions: How can the United States deter others from such rampant assaults?

Cyber conflict does not fit neatly into other types of war, espionage and crime. It is asymmetrical, favoring a smaller, stealthy attacker over the defender. The concept of deterrence from the nuclear age — the idea of two cocked pistols preventing either side from shooting — offers limited comfort in a conflict in which attackers often can avoid identification until long after an attack. 

US cyberweapons are still largely secret and embedded in the intelligence community, precluding open debate or public notice. Yet another brake on using these weapons is the possibility of retaliation that could cause more harm to vulnerable US networks. Still, it is past time to think about what kind of actions will bolster deterrence. Doing nothing is not an acceptable option. The United States needs to give cyber attackers real pause and a credible threat of certain retaliation, one that can be seen in public as well as felt in private. So far, it does not appear to exist. And the attackers are not so lazy.

Ein News

 

 
