By Adam Janofsky
NATIONAL HARBOR, Md. – Retired U.S. Navy Admiral James Stavridis said Tuesday that there should be a new branch of the military that focuses exclusively on defending the public and private sectors against cyberthreats. Cyberattacks carried out by nation states such as Russia and North Korea increasingly are sophisticated and brash, said Mr. Stavridis, the current dean of the Fletcher School of Law and Diplomacy at Tufts University. A dedicated cybersecurity unit would help critical infrastructure operators, for example, prevent and respond to attacks that could cause widespread destruction, he said, speaking at the Gartner Security and Risk Management Conference here.
“What I worry about the most is our [energy] grid, which is quite vulnerable,” said Mr. Stavridis, who also previously served as the supreme allied commander of NATO and head of European Command.
Nation states, he said, have demonstrated that cyberattacks can destroy infrastructure and threaten lives.
For example, a team of Russian hackers in 2015 attacked three utilities in Ukraine, causing widespread blackouts in the country. U.S. government officials have warned that a similar attack could be carried out against the U.S. power grid and other critical infrastructure operators, The Wall Street Journal reported.
Additionally, Mr. Stavridis said the U.S. should work towards developing a cybersecurity infrastructure like that in Estonia, which has become a cybersecurity “citadel” after facing constant attacks from Russia.
“If we don’t get going on this, we will have a 9/11-level event. We will have a Pearl Harbor in this world,” said Mr. Stavridis.
Start With Cybersecurity Education. To modernize, the U.S. government and private sector must invest in cybersecurity education, he said. This was apparent in April when several members of Congress seemed not to understand the basics of cybersecurity when questioning Facebook Inc. chief executive Mark Zuckerberg about the misuse of user data, he said.
“Even at the highest political levels we don’t have the cybersecurity literacy that we need,” he said.
Children should learn computer science and cyber hygiene starting in elementary school, and STEM should be rebranded as STEMC – science, technology, engineering, math and cybersecurity, Mr. Stavridis said.
In the private sector, technology executives must continuously train and evaluate their employees and board of directors on cybersecurity. This can include basic education about issues such as phishing and password management, or it can be thorough simulations that test how people respond to a cyberincident.
“These drills run the spectrum of highly technical actual attacks to casual but useful brainstorming sessions [and you should] make them part of the routine in your enterprise,” said Mr. Stavridis.
Know How Your Data is Being Protected. Mr. Stavridis also said companies should take stronger measures to secure their data from cyberattacks, and that this should be a board-level issue.
Mr. Stavridis highlighted Pionen, a Swedish Cold War-era nuclear bunker built into a mountain that was converted into a data center in 2008, as an example of what companies should strive for when securing their most sensitive data. Some Wikileaks servers were moved to the Pionen data center in 2010, Forbes reported.
“It’s 100 feet below the surface of the earth, it has 16-inch armor all around it, it has three independent sets of generators, it’s temperature controlled, it’s never seen the internet,” said Mr. Stavridis. “Your data is probably not secured quite this safely, but you and your board of directors should know how your data is stored.”
Companies across industries should also develop programs similar to the Financial Services Information Sharing and Analysis Center and the Financial Systemic Analysis and Resilience Center, said Mr. Stavridis.
“Sharing information leads to a high degree of safe operations and hiding information leads to a dangerous environment,” he said. “If we share more information, we’ll create more collective security in this world.”
No comments:
Post a Comment