Posted by George Colony on June 20, 2011
Intelligent CEOs scan the horizon for distant threats and unaccounted-for risks. Add this to the list: getting caught in the crossfire of a growing trans-national cyber-war.
It appears that independent and government-backed hacking groups in China, North Korea, the U.S. and other countries are engaged in a contest of escalating computer attacks. The most alarming recent salvo saw the compromise of one of the most commonly used authentication mechanisms -- RSA’s Secure ID technology. Since the breach many government contractors including Lockheed Martin and L-3 Communications have recently disclosed that their networks were targets of cyber-attacks apparently using information stolen via the RSA breach. The U.S. government has threatened to retaliate, putting the world on footing to begin a "Code War" mirroring the decades of Cold War between the former Soviet Union and the U.S.
The problem for you is that this quiet war will injure many innocent bystanders -- corporations whose systems are breached by the highly complex new attack technologies. Instead of employing a smash-and-grab audacious approach, the attackers are increasingly utilizing a "low and slow" attack methodology, gathering sensitive information over weeks or months. Increasingly these hackers are targeting intellectual property that companies and governments have built over decades. Google, Northrop Grumman, and Siemens have recently been caught in the cross-fire, and some have said that RSA, a subsidiary of EMC, may not be able to survive as a business given the breach of its core system.
You should be aware of two factors: 1) the frequency of attacks are about to increase, and 2) the attacks will become increasingly sophisticated -- most likely beyond the skills and capabilities of your security staff. You can prepare by taking three actions: 1) Ask your CIO for an assessment of current security capabilities and have him build a contingency plan, 2) Engage CEOs of companies in your sector and work to build mutual protections, and 3) Prepare to ask your federal government for assistance. Collective action and data sharing will be an important survival strategy as the Code War rages...
What is your company doing to prepare for the war? What strategies will you employ? I'd love to get your thoughts.