Analysis: Gov't must 'modernize' cyber defense
Thursday - 2/9/2012, 6:14pm EST
Larry Clinton, the president of the Internet Security Alliance, testified before the House Energy and Commerce subcommittee Wednesday on the evolving cyber threat and the role of the private sector in responding to it.
In his remarks, Clinton, who joined In Depth with Francis Rose for an interview, said government and industry need to "modernize our notion of what constitutes cyber defense," and that the biggest challenge isn't technological but economic. "The single biggest problem in combating cyber threat is not technical, it is cost," Clinton told the committee.
He described a "dramatic change" in the cyber threat over the past two years.
Rise of the APT
"Our main concerns are not 'hackers' or kids in basements," he told the House panel. "The fact that a cyber system has been 'breached' is no longer the metric that determines a successful cyber attack."
Instead, Clinton pointed to increasingly sophisticated individuals and groups, including "hacktivists," and rival nation-states. Taken together, these constitute what cyber experts refer to as the Advanced Persistent Threat (APT), he added.
"These are the pros," he told In Depth. "They're highly educated, well-funded, well-organized, often nation-state-supported hackers using whole suites of very sophisticated that will compromise any system that they target."
In his House testimony, Clinton said the APT-style attacks have become "the major focus" of many in the private sector, in no small part because these sophisticated hackers have branched out from the defense sector in looking for potential targets.
"So we need to really rethink our notion of cybersecurity," he told In Depth. "A perimeter defense doesn't work anymore. We need to focus on the technology and the economics and come up with a more engaging and modern system of cyber defense."
While a more robust cyber defense doesn't only boil down to how much money is spent, Clinton called the numbers "dramatic."
The private sector spends about $80 billion a year, he said, citing recent statistics from the Ponemon Institute. "By comparison, the Department of Homeland Security's entire budget — not cyber but their entire budget — is $57 billion," he added. "We need to find a way to manage our costs to keep up our defenses."