How to stop virtual fence-jumpers
The fall of 2014 is not yet over, but it has already proven itself to be a season of anxiety for the White House.
This anxiety goes far beyond politics, stemming instead from security issues. In recent months, two individuals have managed to scale the White House fence and enter the grounds, one making it inside the building itself before being apprehended.
The physical fences at the White House, however, are not the only ones being breached. In October, the Executive Office of the President fell victim to a serious cyber-attack. Though the targeted network did not contain classified information and no permanent damage was suffered, White House staff did experience service breakdowns and some were instructed to create new passwords.
As with the intrusions by both fence-jumpers, the actual harm done may have been minor, but the scope of the threats exposed was anything but. Indeed, the gentlemen who scaled the fence appear, by all indications, to have acted on their own. The hackers, however, are believed to have had some help from friends in Moscow.
Early reports indicate that the White House hackers may have been working for the Russian government. The Washington Post reported that an attack of this nature was “consistent with a state-sponsored campaign,” and Russia has certainly been no stranger to mounting cyber-warfare offensives. Kremlin hackers have gone after classified U.S. military networks in the past, in addition to those of NATO and other foreign entities.
And it’s not just the White House and other government agencies that should be concerned. When J.P. Morgan Chase & Co. was hacked this summer — and more than 80 million customers had their personal information exposed — early speculation centered on Russian hackers with possible government connections.
Though the FBI appears to have refuted the specific theory that J.P. Morgan and other financial institutions were targeted in response to Western sanctions imposed on Putin’s government, Russian criminal elements are still thought to have been involved. And, as one U.S. official told the Wall Street Journal, the connection between Russian cybercriminals and the Russian government goes “back into that gray area. You really can’t tell.”
Russia may have just secured the top spot as America’s No. 1 online nemesis. At least that seems to be the opinion of James Clapper, the Director of National Intelligence, who recently remarked that he “worr[ied] a lot more about the Russians” than even the Chinese as a threat to our national cybersecurity.
The threat is real. The only question to answer is — how should we best defend our nation and our interests?
If Russian hackers — with varying degrees of potential government backing — are a threat to both the American government and our corporations, then one step is readily apparent: the private and public sectors must work together to thwart this common enemy. The sharing of information, expertise and best practices gained through actual experience is essential to protecting our digital territory and safeguarding everything from customer data to intellectual property to state secrets.
J.P. Morgan’s CEO, Jamie Dimon, admitted in the wake of his company’s cyber-attack that “this is going to be a big deal and there will be a lot of battles. We need a lot of help.”
Could some of that help not come from government experts? The White House needs help as well — one of the more disturbing aspects of the recent hack was that it went largely unnoticed until an allied nation alerted us. Perhaps outside consultants from the private sector could help improve our early-warning systems.
The more trust and collaboration that exists between the government and private industry, the more both can protect themselves from foreign threats. A number of organizations are already working to help facilitate this: the Treasury Department’s Financial Sector Cyber Intelligence Group and the U.S. military’s Cyber Command have both conducted active outreach to the private sector, and the Security Innovation Network helps bring stakeholders from both arenas together.
Both government agencies and major corporations are staffed with bright, innovative pioneers in the cybersecurity field. But as both sectors have found out, there is no silver bullet that stops cyber-attacks. Further collaboration may forge one yet.
Javier Ortiz is a principal at Crane & Crane Consulting, an adviser on public policy and regulations for a D.C.-based global law firm, and an investor in cybersecurity technologies and services. He recently spoke on the Cybersecurity Landscape panel hosted by the U.S. Securities and Exchange Commission (SEC).