As cyber security has moved into the spotlight of private and public sector priorities over the past decade, leaders across the nation have orchestrated a wide variety of methods to protect their digital assets. From fortifying infrastructures with firewalls and private network defenses to bolstering employee training and awareness efforts on a mass scale, it would appear that organizations have tried everything in the book to defend against the increasingly complex and hazardous threats of the cyber landscape.
Despite billions of dollars in capital expenditure and expert guidance spent on bolstering network protection, however, the dangers of the digital environment still persist - perhaps more so than ever before. If the United States wants to maintain its competitive edge on an international level and ensure the safety of its citizens in both public and private domains, leaders will need to organize a new approach to cyberdefense. This means setting aside the fragmented agendas of various corporate and government groups and making a collaborative effort for a safer, more secure future.
Private sector red flags
In what is shaping up to be considered one of the most sophisticated cyberattacks of all time, the November breach of Sony Pictures' network has served as a major wakeup call for private sector competitors across industries. As Business Insider pointed out, the event's implications run much deeper than the value of the intellectual property exposed from the film studio's databases - Sony's exceptionally well-defended systems were thought to be impenetrable, proving that even the world's most resilient infrastructures are prone to insecurity.
"In speaking with Sony and separately, the Mandiant security provider, the malware that was used would have slipped or probably got past 90 percent of Internet defenses that are out there today in private industry and [would have] challenged even state government," Joseph Demarest, assistant director of the FBI's cyber division, told a U.S. Senate hearing, according to the source.
While an organization known as Guardians of Peace has come forward as the group responsible for the attack, investigators are still baffled by the level of coordination and persistence with which the breach was orchestrated. The FBI and private security contractors are working together to get to the bottom of the mystery, but if future attacks of this nature are to be prevented, a closer partnership between these types of groups will be paramount.
State-level security concerns
The federal government isn't the only rung of the nation's public hierarchy faced with security challenges - agencies at the state level are also under constant threat from cyber attackers both domestic and international. According to a recent article from the Seattle Times, Washington state is struggling to uphold an airtight cyber security standard throughout its multiple branches, as an audit exposed several shortcomings and vulnerabilities across its networks. Early 2013 saw the state Administrative office fall victim to a major hack, and although no severe breaches have occurred since then, the details of this audit revealed that another incident may be right around the corner.
Auditor Troy Kelly told the source that of the 1,035 digital assets examined by his office during the evaluation, 350 failed to meet the quality recommended by the state's regulatory standards. Furthermore, 46 of these elements proved to be a "critical threat" to the infrastructure, meaning that a breach situation is imminent unless the state moves to rectify these inadequacies. Michael Cockrill, the state's chief information officer, explained that Washington is not taking these discoveries lightly, and representatives are acting now to improve its defensive profile.
"We had a better, stronger security posture than at the beginning," Cockrill told the source. "If there's one key message that everybody should hear it's that keeping the state's data safe takes coordination and cooperation, and that's what you're seeing here. Every organization is constantly under attack. What we do every day is continue to mitigate that threat."
Calling for a solution
Seeing as security remains such a prominent concern for private sector and state-level public organizations, it may be up to the federal government to piece together a plan that will finally prove effective for long-term defensive fortification. A recent article from the U.S. Defense Department Science blog highlighted the development of an overarching strategy aimed at unifying private and public sector interests in a collaborative approach to digital defense, as articulated by NSA Director Michael Rogers at the recent Reagan National Defense Forum in Simi Valley, California.
"This is the ultimate team sport," Rogers stated. "There is no single sector, there is no single element of this population, there is no single element within the government that has the total answer. It will take all of us working together to make this work. We have got to understand each other, and I'm watching two cultures that are largely just talking past one another."
While coordinating the efforts of private and public sector groups in an efficient manner is much easier said than done, legislation is in the works to codify components of the Defense Department that have long been unofficially dedicated to this branch of security. Rogers, who also heads the U.S. Cyber Command and the Central Security Service, explained that although these new structures will help move the country in the right direction, leaders across sectors will ultimately need to recognize the urgency of these issues for themselves and band together in the name of national defense.