LAS VEGAS Both white hat and black hat security researchers alike today received a soberingwarning from the Central Intelligence Agencys former director of operations: The opportunity hasnever been greater to foster governmentcybersecurity awareness, now that the threat paradigm at a national defense level has evolvedto include cybersecurity.
Cyber is going to be a key component of future conflict againstnations or terror groups.
Cofer Black, former director of operations, Central Intelligence Agency
During a keynote address at the BlackHat 2011 conference, Cofer Black urged the security community to influence and educategovernment decision makers, many of whom are ignorant of the threats posed by cybercriminals andnations carrying out online attacks that target major corporations, government agencies and thedefense industry.
The issues that youre involved in are today are of great value to decision makers, Blackstressed. That is huge.
Black said cybersecurity is prominent among the different categories, alongside kinetic andbacteriological attacks, featured the governments ongoing threat assessments. As a comparison, hesaid during the Cold War, intelligence agencies progressed from highlighting potential chemicalattacks, to later emphasizing bacteriological, radiological and nuclear attacks.
Black spent 28 years working for the CIA and was appointed director of the agencysCounterterrorist Center in 1999 and coordinator for counterterrorism for the Department of State.Hes seen the threat of the Cold War, the rise of terrorism and now threats to industry andnational security from online attacks. He cautioned that the signs are present and discussions arebeing held that allow for the contingency that physical, kinetic attacks could accompany serioushacks.
I am here to tell you the Stuxnetattack is the rubicon of our future, Black said. I cant say I understand how it wasexecuted, but the important point is this is expensive to pull off, which means a nation-state wasinvolved. Another important point is, things happening in your world may lead to physicaldestruction of national resources. This is huge.
Responses to cyberattacks, however, are tricky because of the difficulty in tracing the originof attacks and the lack of international coordination in such cases.
Cyber is going to be a key component of future conflict against nations or terror groups,Black said. The problem is decision makers dont understand the threats completely because theyhave not personally experienced them. They may hear it, but they dont believe it.
Blacks keynote comes a little more than a month before the tenth anniversary of the September11 attacks on New York and Washington. Black drew parallels between the intelligence gatheredpre-9/11 and what is happening with cybersecurity today.
In the years and months leading up to September 11, Black recalls the dismissive attitudedecision makers had about Al Qaeda and Osama Bin Laden, viewing the terror group and its leader asmore a of financier of terror, and not an initiator. The threat from Al Qaeda was labeled overblowninside some government circles and by the press as well. This remained the case, even as attacksescalated against Americans overseas, including the 1998 U.S. embassy bombings in Tanzania andKenya, and in October 2000 against the U.S.S. Cole.
Black Hat 2011
See all our news coverage and exclusive videos from BlackHat 2011.
Black recalls advising the Bush administration as the transference of power from the Clintonadministration began, that terrorism would be its greatest threat. However, Black said, there wasno personal experience, no validation of the threat, and it was downplayed. In the summer of 2001,as the volume of intelligence grew about a major impending attack on the U.S., decision makers werebriefed and advised to go to a war footing, yet, Black said, there were delays in taking actionbecause the threat had yet to be validated.
Mens minds have difficulty adapting to things they have not personally experienced, Blacksaid.
Blacks point is the lead-up to 9/11 may be analogous to whats happening with targetedpersistent attacks carried out against the defense industry and other high-profile targets.
The validation of that threat will come into your world, Black said. There is an analogy tothe tech world in all of this and the situation in your world is far more challenging than you mayappreciate.
0 comments:
Post a Comment