Posted By David Brousell, July 21, 2011 at 7:40 AM, in Category: Cybersecurity
It seems like almost every day we are hearing about attacks on computer networks. In just the last few months, cyber-attacks have been reported at Citicorp, Exxon, Shell, Google, PBS, NASA, Fox, Lockheed Martin, and the International Monetary Fund, to name just a few. The type of company or organization doesn't matter. Any company or organization appears to be vulnerable.
A survey released in June by Juniper Networks puts some numbers on the problem. In the poll, 90% of businesses said their networks had been hacked at least once in the past year. Significantly, this number doesn't include Website hacks or denial-of-service attacks. Moreover, the survey, of 583 IT and IT security professionals in U.S. organizations, revealed that 41% suffered a financial loss of $500,000 or more from the more significant network and system attacks.
But the growing problem of cyber-security goes way beyond business. It is becoming a larger issue for national security, as demonstrated by a new cyber-security policy announced last week by the U.S. Department of Defense.
Among its policy provisions, the 13-page “Department of Defense Strategy for Operating in Cyberspace” statement calls for a partnership program with the private sector to enable what DoD terms a "whole-of-government" approach to cyber-security.
The DoD said it would establish a "pilot public-private sector partnership intended to demonstrate the feasibility and benefits of voluntarily opting into increased sharing of information about malicious or unauthorized cyber-activity and protective cyber-security measures."
Industrial companies that are suppliers to the DoD have worked with the department for some time on the cyber-security issue. In 2007, for example, the DoD launched the Defense Industrial Base Cyber Security and Information Assurance program. But the policy statement last week seemed to go beyond the defense suppliers and appears to be a broader invitation to the private sector to team up on the cyber-security issue.
This may be something that other manufacturers might want to take a look at, with an eye toward getting involved. After all, the problem knows no boundaries.
"Cyber-threats to U.S. national security go well beyond military targets and affect all aspects of society," the new DoD strategy report says. "Hackers and foreign governments are increasingly able to launch sophisticated intrusions into the networks and systems that control critical civilian infrastructure. Given the integrated nature of cyberspace, computer-induced failures of power grids, transportation networks, or financial systems could cause massive physical damage and economic disruption.
"While the threat to intellectual property is often less visible than the threat to critical infrastructure, it may be the most pervasive threat today. Every year, an amount of intellectual property larger than that contained in the Library of Congress is stolen from networks maintained by U.S. businesses, universities, and government departments and agencies."
The DoD itself, with more than 15,000 networks and 7 million computing devices around the world, is under constant attack. The report says that DoD networks are "probed millions of times every day," and successful attacks have resulted in the loss of thousands of files from the DoD, allies, and partners. The report also singles out the IT industry as a weak link.
"Software and hardware are at risk of malicious tampering even before they are integrated into an operational system," the report says. "The majority of information technology products used in the United States are manufactured and assembled overseas. The reliance of DoD on foreign manufacturing and development creates challenges in managing risks at points of design, manufacture, service, distribution, and disposal."
Apart from the problems and the risks, the new DoD policy is clear that there are many benefits to be found in cyberspace. As it increasingly becomes a part of everyday life, the DoD says, cyberspace has become an "incubator" for free enterprise, advances in technology, the spread of free speech, "and new social networks that drive our economy and reflect our principles."
Unfortunately, but not unexpectedly, crime has become part of this fabric. The policy announcement from the DoD last week is an attempt to fight back hard. And it sounds like the department needs all the help it can get.
To take a first step, you can access the DoD report here
Written by David Brousell
Global Vice President, General Manager and Editorial Director of the Manufacturing Leadership Council