By Chris Thatcher | June 2, 2017 Estimated reading time 4 minutes, 12 seconds.
Aerospace and defence companies must band together to counter cyber threats, says the former commander of U.S. Cyber Command.
The pace of technological change may present companies with tremendous opportunity, but the more networked they become, the more vulnerable they are to attack. While many cyber incidents in recent years have been more disruptive than destructive–often involving the theft of business data, intellectual property, or denial of service–events such as the 2012 Iranian attack on Saudi Aramco computers that damaged or wiped out over 30,000 systems in a matter of hours are a stark reminder of how defenseless companies can be.
“Those that can’t attack us physically are going to use cyber,” retired Gen Keith Alexander told an audience of defence executives and military and government officials at the CANSEC tradeshow in Ottawa, Ont., on Thursday.
The former director of the National Security Agency (NSA) and a career military intelligence officer, who today provides cyber security solutions, training and consulting, warned that nation states and terrorist organizations will exploit the vulnerabilities of business sectors unless those sectors are willing to share information and collaborate on collective defence.
“The reality is that the corporations here see more threat information in cyber than any government in the world,” he said.
Defence departments and national security agencies may have a mandate to defend their countries against cyber threats, but they can’t do it without public-private partnerships. Sectors such as aerospace, he advised, need to be willing to share threat information to help the entire sector “understand the intent of adversaries” and ensure that an attack on one does not become a weakness to all.
“The government cannot see that. A public private partnership has to occur,” he said. “We have to get industry by sector working together at network speed.”
Alexander served as director of the NSA when former government contractor Edward Snowden copied and leaked classified NSA information, and is sensitive to the concerns of privacy advocates. But he argued networks, civil liberties and privacy can be protected if the right standards and sharing arrangements are in place.
Given the history of corporate espionage, competing companies may be hesitant to share information about attacks or vulnerabilities to their networks. But Alexander believes they have a larger responsibility to national security.
“No company can defend by itself against persistent threats–eventually they will get in. Think of just the intellectual property alone. . . that is your future revenue,” he said. “If you don’t secure it, somebody is going to steal it. We have to make that harder. And the only way I can see of doing that is by [organizing sectors and sharing] and training, and then ensuring government is organized appropriately.
He suggested a framework that would provide corporate standards for metadata sharing, and the means to regularly “train, rehearse and practice that.” Government, however, would need to adjust some of its practices to better collaborate with industry, he acknowledged.
“Technically we can do [it],” he said. “It starts by bringing industry together by sector. You are an innovation nation. Your future is those things you create. If you lose those, you lose your economic advantage.”
