Cybercom Chief: Culture, Commerce Changing Through Technology
By Claudette Roulo
American Forces Press Service
WASHINGTON, Oct. 12, 2012 Over the past six or seven years, cyberspace has undergone a tremendous transformation, the commander of U.S. Cyber Command said Oct. 11 at the United States Geospatial Intelligence Foundation’s GEOINT 2012 conference in Orlando, Fla.
Network convergence -- the consolidation of analog networks into a digital network -- is driving cultural change and commercial innovation, Army Gen. Keith B. Alexander, also the director of the National Security Agency, said.
Everyone is connected to the network, Alexander said, even his two-year-old grandson, who on his own has figured out how to turn on an iPad and use Skype to call his grandmother.
“Now think about that,” the general said. “Think about the tremendous change and the opportunities.”
Commerce and communications are increasingly reliant on the digital network, he said, noting global mobile traffic has already reached 20 petabytes of data sent this year. A petabyte is equal to one quadrillion [1 followed by 15 zeroes] bytes.
“The opportunities are endless,” Alexander said. “This is something we should welcome with open arms.”
But with these opportunities come some “huge” vulnerabilities, he said.
According to a study by Symantec Corp., maker of Norton anti-virus products, 72 percent of Americans have been hacked, Alexander said.
“My assessment is it’s actually higher,” he added. “That’s what we know about. What we see is most companies don’t know that they’re hacked.”
Companies that have been hacked in the past two years include Master Card, Visa, Symantec, Google, Citi and Sony, Alexander said. The intellectual property being stolen amounts to the greatest transfer of wealth in history, he added.
The costs of cybercrime are huge, Alexander said, averaging about $290 per victim and resulting in billions of dollars in losses a year.
Malware, or malicious software, is on the rise, he said, noting a study by the McAfee Co. that reported 1.5 million new pieces of malware since the first quarter of 2012.
Botnets send approximately 89 billion spam emails every day, Alexander continued. Botnets are collections of computers whose firewalls have been breached by malware and are being controlled by a third party for malicious purposes.
“Roughly 25 percent of what we see on the network is spam,” he said.
Mobile malware also is on the increase, Alexander said. In one four-month period, the number of exploits for Google Android phones increased 500 percent, Alexander said.
Government and industry need to join together to combat the ongoing theft of personal data, intellectual property and other resources, he said.
“Ninety percent of cyberspace is owned and operated by industry,” Alexander said. “But the government depends on that space to operate.”
Hackers are shifting from theft to destruction, he said, and this represents a serious threat for which the U.S. needs to prepare.
The first step in preparing the country is better training for the people who defend the network, Alexander said. The second is defensible architecture.
“That starts out with a thin-virtual [-client] cloud environment,” the general said. The NSA, he added, has built a cloud system called Accumulo using a hybrid of both open-source and encrypted software.
“[When] you have a patch, you push it out to the cloud and ... at network speed you can essentially patch the network,” Alexander said. “You have erased that vulnerability from your system. That’s huge.”
The speed with which patches are applied is crucial to ensuring network security, he said, because hackers use news about vulnerabilities to exploit unpatched computers and networks.
“We need to close that window,” Alexander said.
To do that there needs to be a way of sharing information between the government and industry, he said.
“That’s a problem,” Alexander said. “How do you do that? The answer is, ‘Well, we can’t do that easily.’ So, we need legislation.”
There are ongoing efforts to obtain such legislation, he said, adding that he expects Congress to address cybersecurity legislation again next year.
An attempt to develop national cybersecurity legislation failed in Congress earlier this year. The failure was due, in part, Alexander said, to Congressional concerns revolving around the roles of the Department of Homeland Security and the NSA.
The government doesn’t want to hamper industry, Alexander said, noting it just makes sense for government and industry to work together because “everybody’s being hacked.” The issue comes down to the role of business and the role of government, he said.
“We need to solve this before there’s a big problem,” the general said, “because after there’s a big problem, we’re going to race to the wrong solution.”