WASHINGTON -- Increasingly sophisticated and global cyberthreats along with unrelenting technology advances highlight the need for better cyberthreat intelligence, a former U.S. national security advisor told an industry summit today.
"We're now in a state of rising fear," warned Greg Rattray, CEO of Delta Risk, a cybersecurity consulting firm. "The neighborhood is getting tough." Rattray is a retired U.S. Air Force colonel who served as director of cybersecurity on the National Security Council during the second Bush administration.
Rattray, the keynote speaker at the Cyber Threat Intelligence Summit sponsored by the SANS Institute, said a growing number of high-profile, state-sponsored attacks -- like Stuxnet and last year's Iranian-launched Shamoon attack on Aramco, the Saudi state oil company -- have underscored the growing agility of cyberattackers targeting critical infrastructure along with denial-of-service attacks on banking networks.
"The risk is going up like crazy," Rattray warned, and there is little time between attacks to develop adequate defenses. For instance, he said, when banks deploy new network defenses, adversaries often adapt within hours.
"The problem is not new," Rattray added. "It has sort of waxed and waned" since cyberspace emerged as a potential battleground in the late 1990s with the rise of networked applications and the U.S. military's shift to "network-centric warfare."
One constant has been the need for better cyberthreat intelligence, as determining the source of attacks has grown more difficult. Cyberdeterrence will remain an elusive objective, Rattray said, if defenders can't quickly determine who is attacking their networks. Hence, he said, the need to collaborate across borders on cyberdefense has grown as enterprises increasingly seek to protect global supply chains.
Those efforts were slowed in the 2000s, Rattray said, when military resources were shifted to the wars in Afghanistan and Iraq. At the same time, what he called an "Internet underground" emerged that was initially criminal in nature but has since been "turned over" to state-sponsored attacks.
"As the underground grows," Rattray cautioned, "the risk grows."
Advanced, persistent cyberthreats emerged again beginning in about 2007, he said. "Persistence was obviously the big thing," replacing one-off attacks. Moreover, cheaper connectivity has spawned vulnerable global networks in which suppliers like military contractors are now under siege by sophisticated hackers.
In addition, the proliferation of mobile devices has fueled new forms of electronic warfare that Rattray labeled "waveform attacks" against low-power mobile devices. He noted that these types of attacks are relatively easy to mount as a way to disrupt communications by essentially jamming RF transmissions from mobile phones.
"The castle walls are eroded [and] the enemy is inside the gates," Rattray told attendees. And while many attacks are persistent, he said others take the form of hit-and-run "guerilla conflicts."
All this, Rattray said, underscores the need for enterprises and network administrators to aggressively manage emerging operational risks. He urged security experts to work more closely with their IT and systems management counterparts to gain a better understanding of threats and risks.
Closer collaboration would give cyberintelligence experts more opportunities to share threat information and manage risks, he added, while gaining a better understanding of when to shut down critical networks.
One possible solution to the intelligence deficit is the creation of what Rattray dubbed "full spectrum geeks" who understand both the nature of cyberthreats and the constantly changing technology environment. These "cyberrisk managers" could ultimately produce the risk assessments government agencies and corporations need to weather new types of cyberattacks.
Despite the growing cyberthreat and the need for better cyberintelligence, Rattray cautioned against exaggerating the situation. The former Air Force officer also argued against militarizing cyberspace by developing a U.S. national cybersecurity offensive capability. Such a move, he warned, would only prompt a similar military response from other countries, potentially further escalating the conflict.
While there was agreement here that the phrase "cyberwar" has been overused, industry observers stressed the need for continuing vigilance. "There is a cyberconflict, and we are losing," said an executive with Invincea, a cybersecurity firm based in Fairfax, Va., who declined to provide his or her name. "It's death by a thousand cuts."