The cost of ubiquitous cyber attacks and cyber probes in the United States and the rest of the world is a staggering, ever-growing challenge. Antivirus firm Symantec estimated the 2011 global price tag of direct financial loss and the cost of remediating attacks at $338 billion, excluding the theft of intellectual property and damage from data breaches. When theft of intellectual property is factored in, the figure soars past $1 trillion, according to former head of the NSA, General Michael Hayden.
In fact, General Hayden has been quoted as describing the theft of intellectual property from the United States as the “largest transfer of wealth in the history of mankind.” Taken together, the real costs of cyber breaches represent an enormous external financial threat to the U.S. economy. And it seems headed only higher as bellicose nations like Iran step up cyber attacks on America and elsewhere.
IT security has been a problem for years, threatening core economic drivers such as intellectual property, commerce, banking and the Internet. But it has become far more serious as foreign government spy organizations and organized crime have escalated their attacks and replaced young hackers as the chief perpetrators. Unlike politically motivated hackers, state actors are motivated by state agendas to do damage or steal intellectual property, while organized criminals are driven by financial motives. We have also moved far more deeply into a digital world of ubiquitous computer networks, with well over 10 billion vulnerable devices now connected to the Internet today and forecasts of more than 25 billion devices by 2020. When breaches occur, damage is done at the speed of light.
IT Security: The Fourth Leg of the Stool
In response, IT security has become the fourth leg of the computing stool, supplementing processors, communications, and storage as gating factors for deploying IT solutions. As the costs and risks of cyber threats have come into sharp focus, IT security has become a “must have” for all access points to ubiquitous data networks underlying the transition from an analog to a digital economy.
While this is clearly an essential and critical step in the right direction, it will take time for the benefits to be realized as we reinvent our technology foundation for a more secure future. In the interim, today’s decades-old computing constructs—originally developed for a much less connected and hence, more secure world—will continue to be highly susceptible to inherent vulnerabilities.
Today’s cyber challenges have become analogous in many ways to an arms race in which the bad guys have the same technology, as well as a motivational edge over the good guys. They are as well-financed and as smart as the good guys, and they only have to be right once in a while. The good guys, on the other hand, have to be right every time.
While complete statistics for attacks on US industry can be hard to come by—no one is anxious to report a breach—statistics for the U.S. government are more readily available. The U.S. Cyber Command says there are 250,000 probes/attacks on U.S. government networks an hour, or 6 million a day, and among the attackers are some 140 foreign spy organizations. According to the federal Government Accountability Office, the number of actual breaches grew from 5,503 in 2006 to 41,776 in 2010, or 650 percent, the latest figure available.
Since then, major attacks have continued to escalate domestically and abroad. In August, Iran was the suspected perpetrator behind the launch of