ANAHEIM, Calif. -- Earlier this month Internet and email giant Google warned thousands of users that attacks, potentially state-sponsored, had been underway against their Gmail accounts. Later this month news then broke of a significant cyberattack launched at the computer systems of Saudi Aramco, Saudi Arabia’s largest oil company. Many are pointing fingers at Iran as being behind that attack.
If you aren't hearing from your government representatives about cybersecurity, go knock on their door.
Howard Schmidt, former White House Cybersecurity Coordinator
Speaking in Anaheim on Friday at the Information Systems Security Association conference, former cybersecurity Czar Howard Schmidt said one of the biggest challenges going forward for the government, as well as for security professionals, is how such attacks are changing the nature of crime, espionage, and war.
“The nation state is cloak and dagger. It’s spy vs. spy. It’s typically been about stealing state and military secrets, and if they came across business secrets they didn’t turn it over to their private sector. That’s starting to change now,” Schmidt said. “Now, we have [presumed] state-sponsored attacks going after the private sector,” he said.
Schmidt made it clear that the terms industry and government use to describe these attacks can (and have) change how both business and government will respond to the attacks. After September 11, 2011, Schmidt recalled how cyber-”terrorism” was the popular term. But not without consequence. Schmidt recalled that back then, when government officials met with business leaders to discuss ideas how to fight cyberterrorism, the private sector viewed terrorism as primarily a government concern. “What we call these acts is important, and cyberwar is no different. It isn’t a special kind of war, it’s just another mechanism to conduct conflict,” he said.
Despite all of the negative news headlines about breaches, cyberespionage, and state-sponsored attacks Schmidt made it clear that security professionals, despite the steady drumbeat of setbacks, are winning the longer war. “Security professionals day after day, not withstanding disruptions, still keep the machine running. We are able to do online banking and shopping most of the time - and it's a direct result of the security professionals,” he said.
Bruce Schneier on cyberwar
"What we're seeing I think is a broad use of war-like tactics in broader cyberconflicts. So, whether it's espionage or a criminal attack or a government attack, or kids playing politics; they're all using the same stuff. They're all using the same vulnerabilities; they're attacking the same operating systems and we don't have a good definition." Watch the video.
Still, Schmidt stressed the importance of public and private sector collaboration to best fight the threats of nation-state attacks and theft on intellectual property. The government and private industry must work together - this has to be a shared responsibility, he said. And he urged the audience of security professionals to get involved. "If you aren't hearing from your government representatives about cybersecurity, go knock on their door,” Schmidt added. "It does influence their thinking, and we can really step up our game to make sure that they get it.”
Schmidt was the cyber-security coordinator for the White House until his retirement at the end of May of this year. One of his most notable recent achievements was the creation of the National Strategy for Trusted Identities in Cyberspace, which aimed to provide a way to create a broadly used and trusted online authentication method.
About the author:
George V. Hulme writes about security and technology from his home in Minneapolis. You can also find him tweeting about those topics on Twitter @georgevhulme.