Companies Blindfolded in Cyber War Defense

From: The Wall Street Journal/CIO Journal

Rachael King

Companies are getting caught in the cyber crossfire between nations such as China and the United States, but aren’t getting enough government help in untangling the web of malware and data exfiltration. Cyber attacks have been hammering U.S. companies at a relentless pace that only seems to be increasing. This afternoon the Wall Street Journal reported that its computer systems had been infiltrated by Chinese hackers for the apparent purpose of monitoring the newspaper’s China coverage. The news comes after the New York Times said that Chinese hackers have infiltrated its computer systems for the last four months in possible retaliation for an article the Times published in October about the relatives of Wen Jiabao, China’s prime minister.

According to one computer security expert, the government could be doing more, but agency protocols concerning classified information are preventing it from sharing data that could help companies defend against an ever-growing wave of cyber attacks.

“If you’re Viacom or Sony or JP Morgan Chase, you don’t have classified people in the IT department and there’s nobody to give the information to,” said Michael Friedberg, partner at Stroz Friedberg, a firm often called in to help companies that are victims of such attacks. Mr. Friedberg says that when the government is ready to distribute information, it should simply declassify the information.

Intelligence agencies keep track of foreign hacking groups that are suspected of being affiliated with particular governments. In many cases intelligence agencies have seen how certain groups perpetrate cyber attacks and have information that can help companies better defend against those attacks.

“What we really need is better information-sharing with intelligence agencies and communities and a way to facilitate that,” Joseph Santamaria, CIO of UIL Holdings in New Haven, Conn., told CIO Journal back in August. UIL Holdings serves about 700,000 electric and natural gas utility customers. Utility companies already share information, but there’s not as much sharing from intelligence agencies, he said, which means “there’s a pool of knowledge that’s not actionable.”

Hackers often have distinctive styles in the way they attack. They might use certain protocols, IP addresses, malicious software file names or try to exfiltrate information from specific ports on computer switches. That information can give incident responders clues about where to look to stop attacks. On Christmas Eve in 2011, Mr. Friedberg says seven people from his firm responded to an attack. “The government is saying we have this information but we can only give it to a classified person,” said Mr. Friedberg, adding that it took three to four days to work out a communications path.

“As incident responders, we need very straightforward technical information,” said Friedberg. Sometimes intelligence agencies are worried about revealing too much information about foreign groups, but Friedberg says he only needs technical information. “I don’t need to know the name of the organized crime cell in a specific country that is involved,” he said.

Better information sharing has wound its way up the Congressional docket, but with mixed results. In the past, cyber security bills that have attempted to promote sharing of intelligence between the government and the private sector have come under attack from civil liberties groups who have expressed concern that there will be privacy implications. Congress has signaled that cyber security will be a priority this session. The Senate introduced a bill on January 23 called the Cybersecurity and American Cyber Competitiveness Act of 2013. One of the stated goals of that bill is to improve communication and collaboration between the Federal government and the private sector to help secure the U.S. against cyber attack.

The attacks against U.S. multinationals have stepped up in recent months. Other companies such as U.S. banks and Chevron Corp. have been targeted by what are apparently nation-sponsored attacks, according to reporting by the Wall Street Journal.

