Analysis: Gov't must 'modernize' cyber defense
Thursday - 2/9/2012, 6:14pm EST
Larry Clinton, the president of the Internet Security Alliance, testified before the House Energy and Commerce subcommittee Wednesday on the evolving cyber threat and the role of the private sector in responding to it.
In his remarks, Clinton, who joined In Depth with Francis Rose for an interview, said government and industry need to "modernize our notion of what constitutes cyber defense," and that the biggest challenge isn't technological but economic. "The single biggest problem in combating cyber threat is not technical, it is cost," Clinton told the committee.
He described a "dramatic change" in the cyber threat over the past two years.
Rise of the APT
"Our main concerns are not 'hackers' or kids in basements," he told the House panel. "The fact that a cyber system has been 'breached' is no longer the metric that determines a successful cyber attack."
Instead, Clinton pointed to increasingly sophisticated individuals and groups, including "hacktivists" and rival nation-states. Taken together, these constitute what cyber experts refer to as the Advanced Persistent Threat (APT), he added.
"These are the pros," he told In Depth. "They're highly educated, well-funded, well-organized, often nation-state-supported hackers using whole suites of very sophisticated that will compromise any system that they target."
In his House testimony, Clinton said APT-style attacks have become "the major focus" of many in the private sector, in no small part because these sophisticated hackers have branched out from the defense sector in looking for potential targets.
"So we need to really rethink our notion of cybersecurity," he told In Depth. "A perimeter defense doesn't work anymore. We need to focus on the technology and the economics and come up with a more engaging and modern system of cyber defense."
While a more robust cyber defense doesn't only boil down to how much money is spent, Clinton called the numbers "dramatic."
The private sector spends about $80 billion a year, he said, citing recent statistics from the Ponemon Institute. "By comparison, the Department of Homeland Security's entire budget — not cyber but their entire budget — is $57 billion," he added. "We need to find a way to manage our costs to keep up our defenses."