By Michael Vizard
Unless private industry is allowed to work more collaboratively on IT security with the government, the prospect of a cyber-Pearl Harbor event wiping out huge swaths of the U.S. infrastructure is very high, according to former CIA Director Leon Panetta.
Speaking at last week’s McAfee Focus 2013 conference, Panetta noted that 90 percent of the U.S.’s critical infrastructure is in private hands. Defending that infrastructure will require a strong partnership between government and the elements of the private sector that have control of those systems, he said.
“A cyber-attack would virtually paralyze our nation,” Panetta said. “This goes way beyond hackers and criminals or people trying to steal sensitive information.”
To reduce the risk of cyber-warfare, Panetta is hopeful that countries will come together to sign bilateral cyber-warfare agreements similar to today’s nuclear non-proliferation treaties.
In the meantime, Panetta is encouraging the U.S. Congress to pass a set of laws that would indemnify companies that share information with the U.S. government from being sued by their customers.
Panetta said the problem the legislation faces is that, with all the gridlock in Congress, nothing is getting accomplished. “We’re dealing with record deficits, debt and gridlock,” he said. “That bodes ill for the kind of future we want our children to have.”
In addition to making people more aware of the potential cyber-warfare threat, both industry and government need to keep investing in security technologies, Panetta said. The U.S. and many other countries, he noted, now routinely include cyber-attacks to wipe out an enemy’s infrastructure in their military plans. Panetta said the U.S. needs to be able to defend itself from nation states and terrorist organizations that already have cyber-warfare capabilities or are actively trying to acquire them.
Panetta noted that an Iranian-backed group was able to destroy 30,000 computers owned by Saudi Aramco using a Shimoon virus. Multiply that type of attack against transportation, financial, health-care and electrical systems and it becomes pretty apparent how devastating cyber-warfare can be, Panetta said.
Greg Brown, vice president and CTO for cloud and Internet of things at McAfee, said the primary issues that CIOs need to contend with when it comes to most embedded systems is that they were designed long before they could be connected to the Internet. As such, the systems usually don’t include security controls. Brown said Intel, the parent company of McAfee, recently unveiled a Quark family of processors for embedded systems that, among other things, bakes security into the instruction set of the processor. “Security needs to be integrated with the hardware,” said Brown.
As Intel embeds more security functionality into its processors, the chipmaker says the cost of deploying security will decrease, which could help insure that security is more broadly applied.
Speaking at the same McAfee Focus 2013 conference as Panetta, Intel president Renee James said Intel plans to embed security in every class of Intel processors. “We believe security needs to ubiquitous,” he said. “In the next two years you’ll see a lot more integrated security. Our goal is to change the economics of security.”