Richard A. Clarke is no stranger to national security. He was a senior White House adviser to three presidents and served nearly 20 years in the Pentagon, the State Department and the intelligence community, often concentrating on stopping foreign “hackers” from exploiting weaknesses in the nation’s computer networks.
So when Clarke warned a few months back that “every major company in the United States has been penetrated by China,” many people heard his alert. The question is whether awareness will be followed by action.
Clarke, the Defense Department, the FBI and independent groups such as the Carnegie Mellon CyLab agree the United States is losing a silent but potentially deadly war to secure its electronic assets – the massive amounts of data and intellectual property stored on computers, large and small, public and private.
It’s an issue that will be explored June 6 during the Wisconsin Entrepreneurs’ Conference in Milwaukee, where a discussion devoted to doing business in China will come with a necessary warning label from a veteran FBI agent: Learn how to secure your intellectual property.
While China is a poster child for penetrating computer networks, Russia, Iran and North Korea also have become havens for hackers. Their targets are often defense agencies and contractors, but hackers also pose major threats to private companies. Ultimately, that’s an even bigger threat to national security if hackers act as vampires, sucking away at the life’s blood of American innovation.
“My greatest fear is that, rather than having a cyber-Pearl Harbor event, that we will instead have this death of a thousand cuts,” Clarke said during a recent interview, “where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it.”
Corporate boards and managers are largely unaware of the threat, according to a recent CyLab report. The report examined how boards of directors and senior managers are managing privacy and cyber risks, which range from economic espionage to imported tech tainted with backdoor attack tools that could bring computer networks down.
About 75 percent of the respondents to a CyLab survey were from “critical infrastructure” sectors such as financial, energy and utilities, telecommunications and industry. Within the energy sector, for example, 71 percent of those surveyed said their boards rarely if ever review privacy and security budgets, 64 percent rarely if ever review top-level policies, and 57 percent rarely if ever review security program assessments.
“If boards and officers have an obligation to ensure that the R&D lab door is locked, they similarly have an obligation to ensure that the digital R&D lab door is locked,” wrote Jody Westby, author of the CyLab report.
That’s a problem at the “general” level in the cybersecurity war. A bigger challenge may be the shortage of well-trained foot soldiers.
The Department of Homeland Security announced in 2009 it wanted to hire 1,000 cybersecurity experts. At last count, according to National Defense magazine, it had hired about 260 and reset its goal to 400 by October 2012. The core problem is there isn’t enough talent to go around.
American universities bestow only 9,000 computer science degrees each year, according to a count by the Booz Allen Hamilton consulting firm, while other nations are cranking out far more graduates with similar skills. It is indicative of America’s lagging production of science, technology, engineering and math graduates – the so-called STEM education crisis.
Complicating matters is the nature of American society, which is built on openness. The challenge of locking down digital assets is running head-on into a culture of social media.
So, will this war be lost before it’s even declared? Not necessarily. More companies are grooming existing workers to defend their networks and the information they hold. The Pentagon has dramatically expanded a pilot program for sharing cyber-threat information with contractors. Schools such as Madison College are establishing cybersecurity career paths. Recruiters are combing local “hackathons” for talent. Military personnel returning from the Middle East are increasingly being viewed as a talent pool because of their training and instincts.
Cybersecurity networks are being established in Wisconsin as well. The Wisconsin Security Research Consortium is poised to build a commercially available facility with the right clearance credentials for training. That could soon house an internship program.
Whether the threat is a disruptive digital attack from abroad or the steady drip of stolen data, cybersecurity is a national concern. It’s far better to mobilize now than wait for all-out war.
Still is president of the Wisconsin Technology Council. He is the former associate editor of the Wisconsin State Journal.