The Pentagon is increasing its cybersecurity force fivefold after a series of hacking incidents that have originated in China and other places. In recent months U.S. businesses and newspapers have also been compromised. Suspects include organized rings and teenage hackers from Russia, Eastern Europe and the Middle East. Increasingly the U.S. government and businesses are taking steps to better protect themselves. Ann Thompson reports in Focus on Technology.
One way to learn about cyber security is to undermine it. At the University of Cincinnati, students from a wide variety of disciplines including I-T, business and criminal justice create pretend scenarios. They target somebody to hack, figure out the techniques to do it, while other teams defend the attacks. Information Technology Associate Professor Mark Stockman and Political Science Department Chair Richard Harknett look at one group’s point point presentation.
Before their planning even began the class heard from the U.S. Cyber Command, Department of Homeland Security, GE Infrastructure, Kettering Police, and the Chicago- based Penetration Tester. This class is very timely.
Just this year The Department of Energy was hacked, so was The Federal Reserve. The Pentagon has pledged to increase its cybersecurity force fivefold from 900 people to 49-hundred troops and civilians, knowing government secrets are at risk.
“If you’ve ever looked at pictures of the Chinese cruise missiles it looks very much like ours. And the Chinese drone looks like ours. Where’s that coming from? It’s coming from the loss and theft of intellectual property.”
Harknett says if people outside the U.S., at very little cost, can get the information and steal our ideas, it puts them way ahead. The New York Times, itself hacked by the Chinese to get access to Chinese sources, says thousands of companies have been hacked in the last few years. Most don’t’ report it. Among those subject to reports of online attacks …Exxon Mobile, Royal Dutch Shell, BP, ConocoPhillips, Coco-Cola, and more.
Professor Stockman says we’re hearing more about hacking but there is probably more of it.
“A lot of IT professionals were ashamed that their company had been hacked so they had kept it hidden. It’s something different in the physical world. If you’re store gets broken into you call the police. That’s just what happens. But in the digital world that doesn’t happen. You find a lot of companies who just don’t report these things. That’s one of the efforts the federal government is trying to give, the sharing of information when things happen we can do a better job of protecting ourselves.”
But how far to protect. The President’s executive order would create wider sharing of government data on hacking for things like power grids. Bloomberg News also reports it directs the government to develop voluntary cybersecurity standards. But how far do you go? 85% of the infrastructure is private. The cybersecurity act failed to pass last year. Harknett says it would have mandated very moderate levels of security standards. The Chamber of Commerce was against it.
“It made sense in the old time when you said the U.S. has a border and we have a military to protect that border. But who protects G-E’s border or 5th 3rd’s border? Well these are companies. These are company borders, but the functioning of those big corporations and how they impact our economy has a national effect, so, if they are vulnerable to attack, it’s not just their company that is vulnerable, but our entire economy.”
Who is doing the hacking? Our government says much of it is coming from the Chinese government. Reuters also implicates Russia, Eastern Europe and the Middle East. Stockman says hacking isn’t very hard these days, a middle schooler can do it with some hardware from the local computer store and a software program. There is a local effort to report hacking through the Department of Homeland Security.
“Where we have somebody relatively local here who’s working with businesses to try to get them to share information, so the idea is you get hacked, if you see something happening you then give it to this central contact person. They feed it into a large data base and they can figure out where things are coming from and what’s coming next that the federal government can help industry in protecting themselves.”
The UC students are realizing just how difficult a job it is to protect the government and industry from attacks. Nate Shelton is a 4th year criminal justice and policy science major.
“It’s just interesting how the defense has to cover all these holes where the offense only has to find one.”
IT major Taylor Lord is more interested in how hackers are accomplishing what they do, because he says there’s always going to be exploits.
“So regardless of what technology somebody uses there is always going to be something that causes a problem regardless wither it’s a government agency or a large corporation.”
Andrew Eaves sees many solutions.
“There’s no silver bullet, no one answer. It’s kind of a collective. It’s coming together with the right solution and the right patchwork of ideas that will strengthen everybody. I don’t think there will ever be one end all, be all.”
It’s hard to know what cyberattacks are costing us. Moneyweek reports, consider this just one case, the hacking of Sony’s PlayStation network two years ago, adding up lost sales, legal fees and other costs totaled 170-million.
