While hackers, criminals, and rogue states have yet to cripple the U.S. cyber infrastructure, the threat is omnipresent as government agencies struggle day-in and day-out to keep a step ahead of attackers, according to sector leaders.
While hackers, criminals, and rogue states have yet to cripple the U.S. cyber infrastructure, the threat is omnipresent as government agencies struggle day-in and day-out to keep a step ahead of attackers, sector leaders told investors at a recent Washington-area innovation conference.
Speaking on a roundtable at last week's 2010 American Security Challenge awards ceremony in Arlington, Virginia, Gary L. Winkler, program executive officer for U.S. Army enterprise integration systems, said that the branch’s networks experience about 2 million spam e-mails or virus attacks daily.
Keynote speaker Debora Plunkett, director of the National Security Agency’s (NSA) information assurance directorate, said attacks across the government have "exponentially increased" in number in recent years, with thousands of network scans occurring every day, during the event's award ceremony.
In the new threat environment, various government agencies in need of help have turned to the NSA, which is historically responsible for protecting the U.S. government’s most sensitive data and for cracking foreign countries’ encryption methods, Plunkett said.
But the number of government agencies looking for the NSA's assistance have increased exponentially. “We can’t keep up with that demand either,” Plunkett said.
Like the CIA, Plunkett said that her agency is turning to the private sector to keep pace with threats. In addition to innovation, the NSA has developed a process of “trust engineering,” in which existing software programs developed by the private sector are evaluated by the NSA for vulnerabilities, which are then eliminated before the application is approved for use.
Roundtable panelist David R. Hale, chief privacy officer and senior counsel of online consumer trading company TD Ameritrade, acknowledged that existing, widely used identity assurance methods—like Social Security numbers—are not enough.
“What we use right now is inadequate,” Hale said “…We need to come up with some sort of method that works.”
Several of the event’s 12 awards went to cybersecurity firms, among them penetration testing vendor Rapid7 ; encryption firm CipherOptics ; application whitelisting company Bit9 ; Pikewerks , which offers application protection; and Oculis Labs , which manufactures products that prevent surreptitious viewing of sensitive data on computer screens.
♦ Photo called "Desktop Security," by highwaycharlie/Flickr