The Blog

Cyber Warfare and the New Digital Arms Race

Cyberweaponry requires cyberdeterrence and new types of internet shields. Major U.S. corporations spend millions repairing damage from cyber infiltration, but devote hardly any resources to assessing potential risk sources and pre-emptive mitigation.
This post was published on the now-closed HuffPost Contributor platform. Contributors control their own work and posted freely to our site. If you need to flag this entry as abusive, send us an email.

Between Pope Francis' extraordinary U.S. visit and Mr. Putin's double-down to save Syria's Assad, Chinese President Xi Jinping's state visit came close to becoming an "*" in the annals of major comings and goings. On 60 Minutes last evening President Obama devoted nary a word to China - not its South China Sea "sandperialism" nor its cyberespionage. President Xi is not too far off in anti-U.S. attitudes than his comrade Vladimir Putin. But unlike Russia, China has repeatedly attacked our homeland breaching our internet firewalls to a degree that is downright disastrous to our national security.

The worst kept secret in Washington is that China "cyberhacked" 5.6 million fingerprints and personnel files of federal employee files from the Office of Personnel Management. We're not talking run-of-the-mill civil servants. OPM has in its personnel files Americans who hold top secret clearances. This high crime and misdemeanor establishes the condition for decades of accelerated official Chinese blackmail and devious conduct against Americans most engaged in protecting the homeland against Chinese espionage.

According to recent testimony by James Lewis, Director of Strategic Technologies Programs at the Center for Strategic and International Studies before the House Committee on Foreign Affairs on September 30, 2015, Chinese cybercriminals -- private and public -- are responsible for more than half of all economic espionage against the U.S. -- more than all the countries of the world put together (mind you, it's no secret that the U.S. engages in similar attacks, as well). Russians prefer targeting U.S. financial institutions and drilling into State Department and political data - including President Obama's daily schedule which the Russians hacked right out of the White House's computer network sent across an unclassified computer network.

Rather than slap on economic sanctions as would be fitting, President Obama's kittenish National Security staff preferred holding the heavy artillery. Instead, China's audacious cyberespionage campaign did yield a tentative/tentative concession from Xi during his visit. China and the U.S. agreed not to direct or support cyberattacks that breach corporate firewalls for economic benefit. In plain English, Xi committed (as did the U.S.) to stop hacking into the corporate patents and trade secrets of U.S. companies. Who is going to bet the mortgage that Beijing will honor its pledge? I'd like to see NSC Adviser Susan Rice back this up with her mortgage -- fat chance -- even though she touted this as a significant accomplishment from the Xi-Obama Summit.

On October 19 at the Union League Club in New York the C3 Summit -- a major conference on cybersecurity and the palliative response of retooled "smart cities" -- will occur to address the threat of cyberthreats to our urban landscape. The conference will geographically focus on the tinderbox of the Middle East and how cyber risk mitigation can play a critical role pacifying the threat that cyberespionage and terror-laced social media by ISIS -- and a prescriptive internet landscape that could emerge to jump start new investment in the region. The conference will also address what major U.S. technologies are in development to thwart cyberwarfare. I am looking forward to vacuuming up the data from the conference to explore what more preemptive risk mitigation can be undertaken to protect American companies and those entities fighting terrorism to protect our national security.

For attribution I have no pecuniary gain, role, or responsibility for the C3Summit. It just happens to be loaded up with some interesting speakers and topics relating to this article.

The growing threat of destructive cyberattacks is evident from every corner of the globe. Whether it be from Iran, Cuba, North Korea, and Eastern European criminals hacking into your checking accounts, let alone Target or name a dozen other high profile consumer companies who thought they had credit card info under computer lock and key. Several years ago, the Kremlin launched a debilitating cyberattack against Estonia...crippling its entire internet network, government computers, and financial institutions. Just a taste of things to come. According to today's Wall Street Journal, at least 29 countries have formal military or intelligence units dedicated to offensive hacking efforts. The so-called digital battlefield includes a range of funny sounding, but ominously deadly names and acronyms that are invented and reinvented in a constant struggle to breach the best of computer network defenses.

Cybercrime is cyber terrorism. Just think what the Pentagon has to contend with. Hackers only have to succeed once in their attack, while defenders have to maintain a 24/7 vigilance. The rate of serious attacks that have destroyed networks, stolen classified info, infiltrated personal data, or robbed sizable sums from financial institutions from 2009 to 2014 is 66 percent. The Department of Homeland Security recently awarded a massive cybersecurity contract to Raytheon to the tune of $1 billion to create an "impenetrable" cyber fire wall against the onslaught of attacks. Raytheon also is in the vanguard of attracting the best counter-hacker talent. It is a finalist in a $2 million Grand Cyber Challenge -- a competition initiated by the Defense Department's cyber research arm.

What Raytheon and other IT companies are undertaking takes on even greater importance in the age of "the Internet of Things." When your smartphone becomes the remote control for your bank account, to your prescription drug ordering or from your home security switch to your car ignition -- the grim hacker possibilities grow exponentially.

Countries, like corporations, have been woefully reactive to cybercrimes. IT professionals barely can stay one step ahead of devious cybercriminals, many of who are on the payroll of our adversaries. Creating malicious code in the guise of "phishing" or malware has reached such epidemic proportions that many of my friends' email addresses and their address books have been usurped with innocent looking links, which are anything but. How many of you have received emails from friends barely avoiding clicking on a link that may innocuously say something like "take a look at our latest pix from vacation."

Cyberweaponry requires cyberdeterrence and new types of internet shields. Major U.S. corporations spend millions repairing damage from cyber infiltration, but devote hardly any resources to assessing potential risk sources and pre-emptive mitigation. Cybersleuthing represents a new 21st-century opportunity for risk assessment firms which can provide crucial intelligence and help map out for unsuspecting corporations likely sources of criminal cyber mischief. The urgent need for cybersecurity firms to retool themselves in order to implement deterrence and pre-emptive cyberattack warning salvos is growing by the day.

Popular in the Community