Cybersecurity has regularly dominated the news, most recently with the ongoing showdown between Apple and the FBI.
Both corporate and government priorities have evolved accordingly. The FBI says more than 7,000 US companies have been victimized by smartphone-based attacks that have penetrated the company network, and the Pentagon’s cyber warfare budget has increased 31% to $5.1 billion in 2015 from 2013. These statistics show that, in a world of smartphones and connected devices, companies and government agencies can’t afford to disconnect; they need to defend themselves.
In this episode of Ventured, my partner Brook Byers and General Keith Alexander engage in a wide-ranging discussion on these topics, covering terrorism, cyber threats, and network security. After serving as director of the National Security Agency (NSA) for many years, General Alexander recently shifted his efforts to the private sector by starting IronNet, which provides large corporations and government agencies with the tools to prevent cyber-attacks on their critical infrastructure.
Here are excerpts of their conversation.
Should technology companies offer a backdoor?
Smartphones have been used to plan terrorist attacks. However, Apple CEO Tim Cook refuses to offer a backdoor for the FBI to access the data on one of the phones used by the San Bernardino shooters. General Alexander suggested getting technology executives together to ask them if there’s a practical way to solve the problem.
He worries that if another 9/11 terrorist attack happens, Congress will press on civil liberties and privacy, and that in the immediate aftermath of another attack it will become even more difficult to come up with a solution that works for everyone. Bringing together all constituents (the government, the private sector and civilians) increases the chances of creating a more equitable solution to the problem.
Behavioral modeling to identify network threats
The seeds for General Alexander’s startup, IronNet, came about as a new way to visualize security through an understanding of what was happening on computer networks. By using real-time visualization of a company’s cyber infrastructure and by using data on advanced persistent threats, IronNet created a method for detecting hacks and preventing cyber attacks.
The analysis of the 2014 data breach of JPMorgan showed that the hackers had left signs of lateral movement: the different stages involved in penetrating a network, scoping out the network and setting up before the actual attack. The cyber attackers had scanned seven other banks during the same period that they had penetrated JPMorgan, but only JPMorgan was hacked. The other banks’ computer networks were protected.
If the banks had all worked together, they would have been able to detect suspicious activity and help each other shore up their defenses. IronNet’s behavior models and analytics are intended to capture that type of big picture activity to detect breaches and prevent cyber attacks.
The NSA and Edward Snowden
When asked if Snowden was a traitor, Alexander said Snowden isn’t by the “textbook meaning,” but Alexander clearly didn’t approve of Snowden’s behavior.
Geoffrey Stone, ACLU board member and acting dean at the University of Chicago Law School, surprised people by agreeing with Alexander and going even further: he said Snowden is a criminal who should be tried, prosecuted, and put in jail. Stone, who reviewed the NSA program as part of the Presidential Review Board after the Snowden incident, supported the NSA program because he found it had thwarted hundreds of potential terrorist attacks over the years while following the letter of the law and operating with the utmost integrity in its efforts to protect our country and people.
How cyber threats blur the lines between private and government roles in security
In 2008, U.S. Cyber Command was created to defend the country after Russian malware was detected on a classified network. When a company is being attacked by a nation state, the government needs to step in. The cyber attack on Sony, which came from a perpetrator in North Korea, is a good example. However, if Sony had retaliated and North Korea decided not to respond with a cyber attack, it could have started a land war. The government needs to have ultimate oversight in the use of nuclear, diplomatic, or cyber blockades when nation-states are involved.
Gen. Alexander’s top three cyber threat concerns
Cyber and terrorism are interrelated. First, ISIS has far-reaching radicalization ability, leading to attacks such as the one in San Bernardino. Second, Russia’s interest in the Ukraine will continue. Russia is responsible for the attack on Ukraine’s power grid in December, after hackers installed malware that ruined computer systems in six power companies — causing a widespread blackout of the power grid. Lastly, the territorial disputes in the South China Sea will be an issue. “We must treat our allies as our friends,” he says. Statistically, Europe will suffer more attacks than the United States because ISIS and Al Qaeda activity is worsening.