The news on the cybersecurity front doesn’t sound so good, especially if you listen to a panel of experts discussing “America’s Online Enemies” at the 2017 Aspen Ideas Festival.
Cyberthreats are “more diffuse, more sophisticated, and more dangerous” than they’ve ever been, according to Lisa Monaco, who was President Obama’s homeland security and counterterrorism advisor. They’re more diffuse because of the number and range of bad actors in the cyber realm, more sophisticated because of the ever-expanding means they use to deploy cyber weapons, and more dangerous because these attacks are having increasingly destructive effects. These consequences could be “exponential,” said Monaco, with the growth of the internet of things — some 200 billion devices could be connected to the internet by the year 2020.
This could be more problematic to populations with more internet-connected devices, like the United States, noted Yasmin Green, R&D director for Jigsaw, a technology incubator within Alphabet (formerly Google) working on solving global security challenges through technology. “The better connected your citizenry and infrastructure are to the internet, the more vulnerable you are.”
At the same time, countries with well-defined rule of law and human rights principles, like the United States, are constrained in the ways they can protect themselves from cyberattacks, added Green, who explained how Jigsaw is taking on some of the responsibility of cybersecurity.
Dmitri Alperovitch, co-founder and CTO of the cybersecurity company CrowdStrike — and the person who revealed Russia’s hacking of the Democratic National Committee — is also worried about the destructive power of increasingly interconnected devices. He explained how cybercriminals can now find their way into devices and launch attacks just by connecting everything, citing the October 2016 denial-of-service attack that froze internet service across parts of the United States and Europe by flooding the web with fake requests.
“This is increasingly a big concern because the aggregate power of these devices, the number of devices, and the bandwidth they’re connected to create a very dangerous proposition, because if you’re on the receiving end of all of this it’s an avalanche of traffic few are actually able to cope with,” said Alperovitch.
Small websites and devices that don’t have sufficient protection, and whose owners may not be aware of such attacks, are particularly vulnerable to these “DDoS” attacks, added Green.
But there is some good news in cyber, the panelists agreed.
With close to 30 years experience in some areas, the US intelligence community is the best in the world when it comes to offensive cybersecurity measures, said Alperovitch.
Monaco echoed that thought, explaining the progress she saw during her four years in the Obama administration. Those working on cybersecurity took the approach of using lessons learned from counterterrorism approaches, committing use of all the tools necessary — financial, military, intelligence, and diplomatic — and calling to account state-sponsored harmful cyber activity from China, Iran, and North Korea.
Panel moderator Garrett Graff, who is executive director of the Cybersecurity & Technology Program at the Aspen Institute, pointed out that while there may be thousands of Nigerian scammers out there, the “elite hackers” — the ones who can cause the most damage — are actually quite few.
And while, in cyber, “defenders have to be right 100 percent of the time and attackers only need to be right once to succeed,” said Alperovitch, the opposite is true when it comes to tracking down a cybercriminal. That’s because they’re human, and when they attempt to attack again and again, they’re bound to make mistakes that will leave digital breadcrumbs — which unlike physical ones, will never dissolve and go away.
Still, there’s plenty of room for improvement in fighting cybercrime and combating cyber-intrusions such as Russia’s in the 2016 election, whose ballooning consequences were not known at the time to this Aspen Ideas panel. In the video clip below, each of the panelists answer the question: What more can be done?
Written by Catherine Lutz, guest blogger