How Vulnerable Are We To A Cyberattack?

Because the United States is the most Internet-dependent and automated in terms of supply chain, banking, transportation-control systems and other modern facilities, it’s also the most vulnerable to cyberattack, Clarke argues. And the military’s dependence on the Internet also means it would be vulnerable to disruptions of it.

From Fox Business “Cyber War”‘ author: U.S. needs radical changes to protect against attacks” April 7th, 2010

The threat of cyberattacks is one that we hear about and often equate with whimsical commercials in which a weary looking, non-shaven everyday Joe speaks in a high-pitched valley girl voice about using a credit card to pay for a prom dress and various other sundries which contradict the video images we are watching.

I am of course talking about the highly entertaining Citibank ads, such as the one below regarding identity theft.

However, in the virtual realms of a world in which countries such as the United States is considered to be the most dependent of any nation, the risks are anything but amusing.

In fact both the threat and consequences of a cyberattack or even a cyberwar are serious enough to warrant what Karen Evans, former de facto federal CIO under the Bush administration called a “focus on continuous monitoring and situational awareness by creating an early-warning system that could sniff out attacks.”

Providing her take on this important issue in an April 7th, 2010 article from the San Francisco Chronicle titled “After Google-China Dust-up, cyberwar emerges as a threat,” Evans went on to suggest that “the time has come for the government to formalize a national policy for dealing with cyberthreats,” including “which cyberattacks will be considered an act of war, establish who’s in charge among the different federal agencies that would respond to a cyber crisis, and spell out when they are allowed to use that authority.”

In line with Evans’ thinking relative to the need for taking immediate action Richard Stiennon, whose new book Surviving Cyber War examines in depth the major recent cyberattacks that have taken place around the world, highlighted in an April 13th, 2010 post on his ThreatChaos.com Blog the historic influences of why the virtual world may very well be a defining global battleground.

Specifically, Stiennon referenced a Washington Post position piece by retired Navy Admiral and  one time Director of National Intelligence, Mike McConnell, who used the outcome of the Cold War to illustrate why the threat is greater than many of us estimate.

While the threat of a nuclear holocaust drew the greatest attention, according to McConnell what is often overlooked is how the war was actually won.  Citing “many theories” surrounding the reasons why totalitarianism succumbed to democracy and freedom, McConnell points  to what he called “the economic front.”  In short he contends, “The West outspent the Soviet Union.”

It was the “technology, innovation, and a massive arms buildup” that required the outdated Soviet infrastructure to make the parallel investments necessary to maintain a balance of power that eventually “impoverished the country to the point where internal strife pulled it down.”

Based on the above conclusions, Stiennon suggests that that best way to deal with the threat of a cyberattack is using economic levers as the primary deterrent mechanism, “by increasing the costs for the attackers through the improvement of defenses.

Richard Stiennon will be my guest on the May 7th, 2010 PI Window on Business Show on Blog talk Radio to talk about his book and the implications of cyberattacks, including his suggested solutions to the vulnerabilities that made (and make) these attacks possible.

What is the risk to our supply chains?

A more important question to ask is are we prepared to effectively respond to any risk, let alone cyberattacks, to our supply chain?

On the May 26th, 2009 (For Want of a Nail: The Pandemic Effect) and May 28th, 2009 (Securing Your Supply Chain) PI Window on Business, we discovered that the majority of organizations are ill prepared to deal with what the majority in the industry recognize as serious threats.

Citing a  McKinsey 2006 survey, almost two-thirds of the executives who responded indicated that the risk(s) to their supply chains has increased dramatically.  Yet despite this realization, a “significant number” state that their respective companies do not make the necessary investment of time and resources to mitigate said risk(s).

Perhaps recent events are the proverbial early warning call for the industry to finally take tangible and meaningful action.

About Richard:

Richard Stiennon is the founder of IT-Harvest, an independent IT security analyst firm, and the author of the security blog ThreatChaos.com. He is a holder of Gartner’s Thought Leadership award and was named “one of the 50 most powerful people in Networking” by Network World Magazine. He lives in Birmingham, MI.

Richard’s Book:

This book examines in depth the major recent cyber attacks that have taken place around the world, discusses the implications of such attacks, and offers solutions to the vulnerabilities that made these attacks possible. Through investigations of the most significant and damaging cyber attacks, the author introduces the reader to cyber war, outlines an effective defense against cyber threats, and explains how to prepare for future attacks.

Media Bite:

The Cybersecurity Challenge (The Chruchill Club, June 28th, 2009)

Remember to use the following link to tune into both the On-Demand and Live “Surviving Cyber War” broadcast on May 7th, 2010 at 12:30 PM EST.

30