By Donald C. Fry
To the more than 300 CEOs and senior executives who gathered for the Greater Baltimore Committee’s annual Economic Outlook Conference yesterday, the program may have seemed like a 21st-century version of a “Scared Straight” experience.
The United States is the target of daily cyber attacks that are costing U.S. businesses millions of dollars, two members of Congress and a private-sector expert told business leaders.
And by the way, the internet is a cauldron of online consumer scams, counterfeit Web sites, data breaches and cyber bullying, added Maryland’s attorney general who also was among presenters who buffeted the audience in the ballroom of the Marriott Baltimore Inner Harbor Hotel with scary news.
“We are in a cyber war today, and most Americans don’t know it,” Rep. Mike Rogers, chairman of the House Intelligence Committee, reported.
“Some companies in this room here today are being cyber-attacked and they’re not aware it’s happening,” said Maryland Congressman C.A. Dutch Ruppersberger, the intelligence committee’s ranking member.
The cyber war is the nation’s biggest national security threat, but “America is not ready,” Rogers said.
Cyber attacks are not just about disrupting infrastructure, such as the electrical grid and banking networks – which is a major potential threat. Attacks are more often deployed to gain an economic edge by stealing intellectual property from corporate America.
“They are stealing our information and they are stealing our jobs,” said Ruppersberger, who cited estimates that $300 million worth of trade secrets are stolen from U.S. companies every year.
“Cyber espionage is real to our business community as well as to our national security infrastructure,” said George M. Schu, senior vice president of Booz Allen Hamilton. “The Chinese, by themselves, are extracting over a terabyte (1,000 gigabytes) of information every day.”
In addition to China, other cyber attackers include Russia, Iran and “criminal actors” and activists based in many nations, said Rogers. “We are just one day, one event, one irrational actor away from a catastrophic cyber attack.”
Fortunately, the National Security Agency (NSA) is “exceptionally good” at identifying threats, according to Rogers.
That’s comforting, because cyber attacks are increasing on our nation’s infrastructure, such as the electrical grid, water supplies, cell phones and computer networks, yesterday’s speakers agreed.
If successful, the attacks could have a profound impact on our economy. For instance, should our financial networks be successfully attacked, “it would make the financial crisis of 2008 pale by comparison,” said Schu.
Cyber attacks on critical infrastructure in the United States have increased 17-fold since 2009, Schu said.
In the face of all of this, the obvious question is: what can be done about the cyber threat?
Rogers and Ruppersberger, in their respective roles on the Intelligence Committee, proposed legislation that would permit the sharing of information about cyber attacks between government and businesses.
Current federal laws do not allow sharing of government intelligence with the private sector, said Ruppersberger.
Ruppersberger and Rogers concede new legislation would have to achieve a delicate balance where business and government would share cyber-attack information in a way that wouldn’t compromise national security or the civil liberties, privacy or intellectual property of businesses.
Provisions of the narrowly-focused Intelligence Committee bill include the creation of a “classified forum” where government and businesses that volunteer to participate would share malicious cyber attack source codes that they encounter, Rogers said.
The bill passed the House last spring, but the Senate opted to craft its own legislation. House and Senate leaders are said to be working to develop cyber-threat legislation acceptable to both chambers.
Part of the challenge in developing government initiatives to address issues such as cyber attacks and other online privacy invasions is that “the technology of the Internet is so far ahead of the laws,” said Maryland Attorney General Douglas F. Gansler. He spoke to GBC members about how states are seeking to address issues such as online scams, data breaches and cyber bullying.
Gansler said his office and the National Association of Attorneys General, of which he is president, is working to address Internet issues at the individual business and consumer levels.
Such issues include collection and dissemination of information on the Internet, protection of personal data gathered on Internet sites, sharing of data gathered by businesses and protecting intellectual property.
“We have to draw the line between privacy and legitimate business interests,” Gansler said.
Given the commitment of Gansler and state attorneys general on a national scale to this issue, it seems likely substantive internet security legislation will begin to surface in the Maryland General Assembly possibly as early as the 2013 session.
At the national level, the picture painted by yesterday’s presenters is plenty scary.
As a nation, we’re being spied upon and robbed. Our national cyber infrastructure is vulnerable to kooks, troublemakers acting out, America-haters and terrorists “who know they can’t win the war, but want to win the battle,” as Ruppersberger puts it.
The NSA is really good at identifying threats to infrastructure, but what if they miss one?
Individual businesses remain highly exposed to cyber theft, but can’t get the most effective help from a federal government that is, by law, prohibited from sharing intelligence.
It seems clear some creative solutions are needed, preferably now. What are the chances?
“Right now, the only thing standing in the way is Congress,” says Ruppersberger.
“Uh oh,” as one attendee at the GBC conference quipped. “That’s really scary.”
On a positive note, the need to address this challenge to protect our businesses and national security may be the one issue that is so compelling that our elected officials will put aside political ideology and do the job they were elected to do – problem solve and protect the public.
We can only hope.
For photos and videos of the GBC’s Economic Outlook Conference, visit GBC’s Facebook page.