Analysis: Gov't must 'modernize' cyber defense
Thursday - 2/9/2012, 6:14pm EST
Larry Clinton, the president of the Internet Security Alliance, testified before the House Energy and Commerce subcommittee Wednesday on the evolving cyber threat and the role of the private sector in responding to it.
In his remarks, Clinton, who joined In Depth with Francis Rose for an interview, said government and industry need to "modernize our notion of what constitutes cyber defense," and that the biggest challenge isn't technological but economic. "The single biggest problem in combating cyber threat is not technical, it is cost," Clinton told the committee.
He described a "dramatic change" in the cyber threat over the past two years.
Rise of the APT
"Our main concerns are not 'hackers' or kids in basements," he told the House panel. "The fact that a cyber system has been 'breached' is no longer the metric that determines a successful cyber attack."
Instead, Clinton pointed to increasingly sophisticated individuals and groups, including "hacktivists," and rival nation-states. Taken together, these constitute what cyber experts refer to as the Advanced Persistent Threat (APT), he added.
"These are the pros," he told In Depth. "They're highly educated, well-funded, well-organized, often nation-state-supported hackers using whole suites of very sophisticated that will compromise any system that they target."
In his House testimony, Clinton said the APT-style attacks have become "the major focus" of many in the private sector, in no small part because these sophisticated hackers have branched out from the defense sector in looking for potential targets.
"So we need to really rethink our notion of cybersecurity," he told In Depth. "A perimeter defense doesn't work anymore. We need to focus on the technology and the economics and come up with a more engaging and modern system of cyber defense."
While a more robust cyber defense doesn't only boil down to how much money is spent, Clinton called the numbers "dramatic."
The private sector spends about $80 billion a year, he said, citing recent statistics from the Ponemon Institute. "By comparison, the Department of Homeland Security's entire budget — not cyber but their entire budget — is $57 billion," he added. "We need to find a way to manage our costs to keep up our defenses."