CARLISLE — If President Obama's proposed new agency to coordinate federal cybersecurity efforts leads to increased information sharing among government agencies and private companies, that will improve defenses against hack attacks all around, experts gathered here this week said.
The new Cyber Threats Intelligence Center announced Tuesday by Lisa Monaco, assistant to the president for homeland security and counterterrorism, would coordinate the expertise the government has that now is spread across the U.S. Cyber Command, the FBI, the National Security Agency, the Department of Homeland Security and other agencies.
Similar competing bureaucracy issues impacted terrorism intelligence before the 9/11 attack, and White House cybersecurity coordinator Michael Daniel wants to resolve problems before attacks on American companies like Sony's movie subsidiary become even more serious. The cyber threats agency will be modeled after the National Counter Terrorism Center, which was established after 9/11 to coordinate terrorism intelligence.
“It's great to get some focus on cyber security. What we're hearing in industry and government is that it all needs to be improved, and these are great steps moving forward,” Robert Clark, a cyber law fellow in the Army Cyber Institute at West Point told the Tribune-Review.
Clark is among more than three dozen cyber and legal experts from the military, government and private sector meeting this week at the U.S. Army War College in Carlisle to discuss cyber sovereignty. The Trib has been permitted to participate in the closed-door event.
Obama plans to host a cybersecurity summit at Stanford University on Friday, where he is expected to announce more details about the new cyber threats agency and government efforts to thwart hackers.
Hackers are likely to exploit more sectors of the economy and to attempt more disruptive attacks, said Ronald Plesco Jr., chair and co-founder of the National Cyber Forensics & Training Alliance, based in Pittsburgh's Second Avenue technology corridor.
The president's initiatives are making everyone more aware of the need to defend against computer attacks, Plesco said.
“I'm encouraged that it's a top-of-mind issue for the administration and for the agencies — DHS, NSA and others,” Plesco told the Trib after giving a presentation at the workshop. “… It's putting it into the mainstream.”
Hackers do not care about the legal or policy obstacles that prevent companies and the government from sharing information more openly, he said. They are just using malware and approaches to exploit vulnerabilities in systems.
With a growing dependence on the Internet, agencies and corporations need to set a solid foundation for governance of networks, Plesco said.
“The approach has to be eyes wide open,” he said, “and to understand all of the competing interests, which they're doing.”
U.S. companies have been bombarded by a series of damaging cyber incidents in recent years — some from nation states, others from criminal groups. The Sony hack resulted in a variety of different analytical papers from various federal agencies, all concluding North Korea was responsible but with varying degrees of confidence.
Unlike the National Counter Terrorism Center, which gets most of its information from intelligence agencies, the new cyberagency may rely to a much larger extent on private companies, which are regularly seeing and gathering cyberintelligence as they are hit with attempts by hackers to break into their networks.
Gathering threat signatures, and profiling hacker groups, has become a key component of collecting cyberintelligence — a discipline practiced by government agencies and private firms.
U.S. intelligence officials have been warning about the dangers of cyberattacks for years, and the public is starting to pay close attention.
Fifty-seven percent of Americans in a new Associated Press-GfK poll conducted Jan. 29-Feb 2 think there is an extremely or somewhat high risk of a foreign country or terrorist group making a major cyberattack on computer systems inside of the United States. That is more than the 50 percent who say the risk of a terrorist attack is somewhat or extremely high.
On the other hand, fewer Americans say the risks posed by computer hackers are important to them personally (57 percent) than say the same of terrorism (71 percent).
Just over half of Americans, or 51 percent approve of the way Obama is handling threats posed by computer hackers, the survey found.
Tom Arminio, professor of homeland security at Penn State University in Harrisburg, said “there's a lot more that people can do” to protect themselves — “everybody who uses a computer or cell phone.”
“My fear is complacency,” he said. “That we're getting so accustomed to hearing about daily cyber attacks that it's just the course of doing business, and it shouldn't be.”
The Associated Press contributed to this report. Andrew Conte is a staff writer for Trib Total Media. He can be reached at 412-320-7835 or [email protected].