Donald Fry: Cyber threat warnings offer scary scenarios

Posted by on in Blog
  • Font size: Larger Smaller
  • Hits: 7524
  • Subscribe to this entry
  • Print
  • Report this post
By Donald C. Fry

To the more than 300 CEOs and senior executives who gathered for the Greater Baltimore Committee’s annual Economic Outlook Conference yesterday, the program may have seemed like a 21st-century version of a “Scared Straight” experience.

The United States is the target of daily cyber attacks that is costing U.S. businesses millions of dollars, two members of Congress, and a private-sector expert told the business leaders.

And by the way, the Internet is a cauldron of online consumer scams, counterfeit web sites, data breaches, and cyber bullying, added Maryland’s attorney general who also was among presenters who buffeted the audience in the ballroom of the Marriott Inner Harbor Hotel with scary news.

“We are in a cyber war today, and most Americans don’t know it,” Rep. Mike Rogers, chairman of the House Intelligence Committee, reported.

“Some companies in this room here today are being cyber-attacked and they’re not aware it’s happening,” said Maryland Congressman C.A. Dutch Ruppersberger, the intelligence committee’s ranking member.

The cyber-war is the nation’s biggest national security threat, but “America is not ready,” Rogers said.

Cyber attacks are not just about disrupting infrastructure, such as the electrical grid and banking networks – which is a major potential threat. Attacks are more often deployed to gain an economic edge by stealing intellectual property from corporate America. “They are stealing our information and they are stealing our jobs,” said Ruppersberger, who cited estimates that $300 million worth of trade secrets are stolen from U.S. companies every year.

“Cyber espionage is real to our business community as well as to our national security infrastructure,” said George M. Schu, senior vice president of Booz Allen Hamilton. “The Chinese, by themselves are extracting over a terabyte (1,000 gigabytes) of information every day.”

In addition to China, other cyber attackers include Russia, Iran and “criminal actors” and activists based in many nations, said Rogers. “We are just one day, one event, one irrational actor away from a catastrophic cyber attack.”

Fortunately, the National Security Agency (NSA) is “exceptionally good” at identifying threats, according to Rogers.

That’s comforting, because cyber attacks are increasing on our nation’s infrastructure, such as the electrical grid, water supplies, cell phones and computer networks, yesterday’s speakers agreed.

If successful, the attacks could have a profound impact on our economy. For instance, should our financial networks be successfully attacked, “it would make the financial crisis of 2008 pale by comparison,” said Schu.

Cyber attacks on critical infrastructure in the U.S. have increased 17-fold since 2009, Schu said.

In the face of all of this, the obvious question is: what can be done about the cyber threat?

Rogers and Ruppersberger, in their respective roles on the Intelligence Committee, proposed legislation that would permit the sharing, between government and businesses, of information about cyber attacks.

Current federal laws do not allow sharing of government intelligence with the private sector, said Ruppersberger.

Ruppersberger and Rogers concede that new legislation would have to achieve a delicate balance where business and government would share cyber-attack information in a way that wouldn’t compromise national security or the civil liberties, privacy or intellectual property of businesses.

Provisions of the narrowly-focused Intelligence Committee bill include the creation of a “classified forum” where government and businesses that volunteer to participate would share malicious cyber attack source codes that they encounter, Rogers said.

The bill passed the House last spring, but the Senate opted to craft its own legislation. House and Senate leaders are said to be working to develop cyber-threat legislation acceptable to both chambers.

Part of the challenge in developing government initiatives to address issues such as cyber attacks and other online privacy invasions is that “the technology of the Internet is so far ahead of the laws,” said Maryland Attorney General Douglas F. Gansler. He spoke to GBC members about how states are seeking to address issues such as online scams, data breaches, and cyber bullying.

Gansler said his office and the National Association of Attorneys General, of which he is president, is working to address Internet issues at the individual business and consumer levels.

Such issues include collection and dissemination of information on the Internet, protection of personal data gathered on Internet sites, sharing of data gathered by businesses, and protecting intellectual property.

“We have to draw the line between privacy and legitimate business interests,” Gansler said.

Given the commitment of Gansler and state attorneys general on a national scale to this issue, it seems likely that substantive internet security legislation will begin to surface in the Maryland General Assembly possibly as early as the 2013 session.

At the national level, the picture painted by yesterday’s presenters is plenty scary.

As a nation, we’re being spied upon and robbed. Our national cyber infrastructure is vulnerable to kooks, troublemakers acting out, America-haters and terrorists “who know they can’t win the war, but want to win the battle,” as Ruppersberger puts it.

The NSA is really good at identifying threats to infrastructure, but what if they miss one?

Individual businesses remain highly exposed to cyber theft, but can’t get the most effective help from a federal government that is, by law, prohibited from sharing intelligence.

It seems clear that some creative solutions are needed, preferably now. What are the chances?

“Right now, the only thing standing in the way is Congress,” says Ruppersberger.

“Uh oh,” as one attendee at the GBC conference quipped. “That’s really scary.”

On a positive note, the need to address this challenge to protect our businesses and national security may be the one issue that is so compelling that our elected officials will put aside political ideology and do the job they were elected to do – problem solve and protect the public.

We can only hope.

Donald C. Fry is President and CEO of the Greater Baltimore Committee. He is a regular contributor to Center Maryland.

Recent Center Maryland columns by Donald C. Fry:

Labor Day violence frames the challenge facing new police commissioner

It’s time to seriously consider maglev in NE rail planning

Building downtown ballpark a defining moment for Baltimore

Employers: workplace skills gap driven by need for IT talent

Businesses must cultivate Baltimore’s youthful talent

State task force: Manufacturing is making a comeback

Health care reform: Maryland insurers, Medicaid ahead of the readiness curve
Rate this blog entry:

Donald C. Fry has been the president and CEO of the Greater Baltimore Committee (GBC), the central Maryland region's most prominent organization of business and civic leaders, since November 2002.

Under Don’s leadership, the GBC is recognized as a knowledgeable and highly credible business voice in the Baltimore region, Annapolis and Washington, D.C. on policy issues and competitive challenges facing Maryland. Its mission is to apply private-sector leadership to strengthening the business climate and quality of life in the region and state.

Fry served as GBC executive vice president from 1999 to 2002. From 1980 to 1999 Fry was engaged in a private law practice in Harford County. During this time he also served in the Maryland General Assembly. He is one of only a handful of legislators to have served on each of the major budget committees of the General Assembly.

Serving in the Senate of Maryland from 1997 to 1998, Fry was a member of the Budget and Taxation Committee. As a member of the House of Delegates from 1991 to 1997 Fry served on the Ways and Means Committee and on the Appropriations Committee.

Fry is a 1979 graduate of the University of Baltimore School of Law. He earned a B.S. in political science from Frostburg State College.