Posted June 20, 2013
Federal efforts to block cyberterrorism need more teeth and should focus more on going after threats instead of concentrating on protecting vulnerabilities, according to several top cyber experts speaking at a recent panel sponsored by the American Bar Association.
The cybersecurity panel on June 21 was part of the ABA Homeland Security Law Instutute conference. The speakers were high-level current and former government cyber experts. Here are some of their comments.
Steven Chabinsky, senior vice president of legal affairs at CrowdStrike, which helps companies prevent cyberattacks, and a former deputy assistant FBI director working in the Cyber Division:
“It’s not a victim problem.” The U.S. should “ultimately go after a threat-centric strategy to find and sanction” terrorists and others intent on attacking America’s public or private cyber infrastructure, Chabinsky said. “It’s a threat problem, not a vulnerability problem.”
He said terrorists are waging an “electronic jihad” focused on America’s economy and power, with the electric power grid a particularly appealing target.
Chabinsky also said the current debate on how much government information related to the grid should be made public ignores what terrorist groups already know, based on their own websites and recruiting materials.
“This is viral,” he said, showing a jihadist website that urges cyberattacks on the U.S. power infrastructure. “This is what terrorists who are growing up are looking at.”
Cyberthreats include attacks on the confidentiality of data, the availability of the network and the integrity of the network.
Chabinsky warned that assumptions that malware’s dangers are mainly around intellectual property theft ignore the fact that malware disturbs systems that can then be taken over.
Stewart Baker, a partner at the Washington law firm Steptoe and Johnson and a former assistant secretary for policy at the Department of Homeland Security, shared Cabinsky’s concerns.
He agreed that the government has not done enough to pursue those who have committed cyberattacks.
The has been a “failure of responsibility for the government to find and stop the people who are attacking us,” he said.
He said federal regulations prevent companies from disabling servers of those attacking them and suggested federal authorities “work with the people under attack instead of prosecuting them.”
Leonard E. Bailey, special counsel for national security, computer crime and intellectual property at the Justice Department:
Bailey said a new presidential executive order, signed in February, offers some solutions.
It provides framework for the government to work with the private sector to protect critical infrastructure from cyberattacks. It offers voluntary protections for companies, he said.
Evan Wolff, a partner at the law firm Hunton and Williams and a former special assistant to the assistant secretary for infrastructure protection at the Department of Homeland Security, called the order a “call to action for information-sharing:”
It offers an incentive for companies to adopt cybersecurity standards.
Wolff also emphasized the role of the Department of Homeland Security, saying it is central to cybersafety.
Ellen Shearer is co-director of the National Security Journalism Initiative, as well as the William F. Thomas Professor of the Medill School of Journalism, Media, Integrated Marketing Communications at Northwestern University. She teaches in the school’s Washington Program. Before joining the Medill faculty, she was a senior editor at New York Newsday, a consulting editor at Newhouse News Service, marketing executive at Reuters, and held positions as senior executive, bureau chief and reporter at United Press International.
