Communication Networks Threatened by Cyber Security Attacks: Experts Testify

Beefing up U.S. cyber security has become a pressing priority but several technology leaders warn against excessive regulations.

Speaking last week before the U.S. House Energy and Commerce Subcommittee on Communications and Technology, the witnesses said that small- and medium-sized businesses and some other sectors are most at risk for cyber-attacks. On the other hand, big telecom companies are able to secure their own operations.

Other sectors, though, are “in bad shape,” James Lewis, director of the Technology and Public Policy Program at the Center of Strategic and International Studies, told members of Congress during the hearing. “Small businesses don’t know what to do,” Bill Conner, CEO of Entrust (News - Alert), said about the threat. Similar concerns for small businesses were reported on TMCnet, as they work to create more jobs in the economy.

“The cyber security problem is getting worse not better,” Lewis added. “There’s straightforward evidence that what we’re doing now isn’t working.”

Based on her observations, Phyllis Scheck, CTO of McAfee (News - Alert), Inc., said, “This enemy is faster and smarter than we are at times. They have no intellectual property boundaries, no legal boundaries, no policy boundaries. And in many … cases, they have plenty of money.” Also, clean bandwidth can cost a lot of money and “users aren’t willing to pay the difference,” she added.

In the last 18 to 24 months there has been a “dramatic change” in cyber threats, Larry Clinton, CEO of the Internet Security Alliance, told the members of Congress. Iran – for instance could soon attack the United States using cyber warfare – and cyber-attacks may soon pose more of a threat to the United States than terrorism, Lewis said, citing testimony by FBI officials. “The ability to launch damaging attacks is spreading from a few advanced nations to many countries and many hostile groups,” Lewis added. He warns that in a few years, hackers could disrupt critical U.S. services.

“The treat is real. The vulnerabilities are extensive. And the time for action is now,” Robert Dix, vice president, Government Affairs, Critical Infrastructure Protection, Juniper Networks (News - Alert), added in his testimony.

“Cyber-attacks have grown increasingly sophisticated using what’s commonly referred to now as the advanced persistent threat (APT (News - Alert)),” Clinton said. “APT attackers are pros. They’re highly organized, well-funded, and often state-supported expert attackers who use coordinated sets of attacking methods, both technical and personal.”

Clinton said the biggest problems in stopping cyber-attacks are economic – because “cost” is the single biggest barrier to combat the threats. In fact, a 91 percent increase in spending is needed to reach an “acceptable” level of security, according to a recent report from Bloomberg (News - Alert) News, Clinton said.

There are currently legal obstacles to sharing more essential information, and a coordinated defense is also needed, the witnesses said. Clinton also warned about bad regulation becoming counter-productive. “You’re dealing with the invention of gunpowder,” Clinton told members of the House subcommittee. “Mandating thicker armor is not going to work anymore than building deeper moats was going to stop the hoarders and invaders… We need a contemporary and creative approach that engages the private sector with government – not having the government control what the private sector does.”

The need comes as global Internet traffic is increasing at a rate of 40 to 50 percent a year – and is expected to reach 4 billion users during 2013, Dix said. “The explosion in the use of smartphones and tablets and the advent and the use of social media is rapidly changing the workplace and we communicate,” Dix added. “This is the essence of technology. It enables us to do what we never could have imagined. And that includes those with nefarious motives.”