BreachExchange mailing list archives

Cyberespionage Carries High Cost to U.S., Experts Say


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 19 Sep 2014 14:27:03 -0600

http://www.govtech.com/security/Cyber-Espionage-Carries-High-Cost-to-US-Expert-Says-.html

In 2003, Chinese cyber espionage of the U.S. Department of Defense computer
system led to a theft of data equal to 20 percent of all the information
stored in the Library of Congress, Joel Brenner told those attending the
Domenici Public Policy Conference on Thursday in Las Cruces.

Despite efforts to boost security, the same thing happened again in 2012,
explained Joel Brenner, former head of U.S. Counterintelligence for the
Director of National Intelligence and former senior counsel and inspector
general for the National Security Agency.

"We're being taken to the cleaners, and it's happening for the same set of
technical and cultural reasons," Brenner said.

Brenner said when the Internet was first invented, it was intended as a way
for a small group of researchers to be able to share information with each
other. Until 1992, it was actually against the law to use the Internet for
commerce.

"They did think about building a substantial security element into it, but
they didn't because they thought why make it more difficult. It was designed
for small groups of people who knew each other."

Now we have developed into a culture where people have almost a compulsion
to share information over the Internet, he said. And that has opened the
door to a tremendous amount of cyberespionage. Some of that is done by
organized crime, but some is also done by nation states like China.

"In the last 10 years it's gone from being a retail business to a wholesale
business," he said. "You can walk out with a thumb drive with all of the
information for a company."

Theft of personal data, such as what happened with the Target stores
breach, gets all the headlines, he said, but even more harmful is the theft
of technical data that cost billions of dollars to develop.

Our critical infrastructure systems are also vulnerable, said John Zepper,
director of computing and network services at Sandia National Laboratories
in Albuquerque. A cyber attack on the electric grid in South America
knocked out power for an entire country, he said. Less than two months ago,
a substation in California was attacked and taken down.

"Can you imagine knocking out power to a hospital in the middle of an
operation," Zepper said.

He said the "cyber bad guys" have become much more sophisticated. One new
scam involves inserting a reader into an ATM that allows the thief to get
the data and pass codes of anyone who uses that same machine later.

At the same time, efforts to combat espionage are getting more
sophisticated as well. One of the things being worked on is a password
system that recognizes the fingerprints of the user, Zepper said.

For now, he advised computer users to take advantage of all available
patches. And Brenner said people should avoid common and simple passwords
and change passwords often, especially for things like bank accounts.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/