Leaders in the cybersecurity industry gathered at the Virginia Tech Research Center in Ballston this morning to attend a forum hosted by Rep. Jim Moran (D).
Discussion revolved around cyber threats America faces and how best to address the problems as funding dwindles. Speakers noted it’s important to look ahead and focus on what threats may arise, as opposed to those already known.
“We get used to what the current threat level is, and forget how rapidly that can change, ” said Rear Admiral Samuel Cox, Director of Intelligence for U.S. Cyber Command.
Cox said although it doesn’t appear that groups like Al Qaeda have an immediate ability to wage a large scale cyber attack, that’s quickly changing. He stressed America’s need to be prepared to go on the offensive, instead of simply defending itself against cyber attacks.
“Our job is to plan to do things we hope we never, ever have to do,” Cox said.
During her keynote remarks, Teri Takai, the Department of Defense Chief Information Officer, spoke of the recently announced intention to expand a program to help bridge the information gap between government entities and the private sector. Currently, the DoD has a partnership with 37 companies, in which classified information about potential cyber attacks is shared among all the participants. The goal is to expand that number to 200 companies this year. Takai believes the approval from the White House may come in as little as 60 days.
“This is important because this really looks beyond just the DoD world,” Takai said.
Takai said there’s an active effort to look at how to best assess risk in the government’s supply chain. That includes not only ensuring the security of computer hardware and software in use, but also knowing everyone who has access to the network and what they have access to.
Moran said a significant sticking point in information sharing is that private businesses often keep quiet when their systems are hacked. He said at some point, private firms will realize they can’t protect themselves on their own, and will have to be part of the team. He believes the situation requires more collaboration than what exists right now.
“Private firms don’t want to reveal when they’ve been hit and how much they’ve lost,” Moran said. “The government is going to have to play a bigger role.”
Moran reiterated the need for priorities to shift toward cyber from the traditional “boots on the ground” approach to security. He’s confident that as plans for increasing information sharing about cyber security expand, the money to implement such plans will follow.