Stopping The Next Cyber Assault
Outgoing Chairman of the House Permanent Select Committee on Intelligence (HPSCI) Mike Rogers, (R.-Mich), has an Op-Ed in this morning’s Wall Street Journal, with the title above. Congressman Rogers, who was also an FBI Agent, writes that “in the ten years on the HPSCI, I’ve watched a range of national security threats grow, and evolve; but, none as quickly as cyber warfare.” North Korea’s hack of Sony Pictures Entertainment, and a cyber threat group called, “FIN4” represent an new era in the cyber domain Congressman Rogers contends. The FIN4 was recently discussed in a report by the cyber security firm, FireEye, who noted that the group had “hacked into nearly 100 publicly traded companies, and collected sensitive insider financial information (trading advantage secrets such as pending mergers and acquisitions) — in what is probably at attempt to manipulate the stock market for profit/financial gain. FIN4 uses sophisticated techniques, has native English skills, and demonstrates detailed knowledge of corporate practices and financial markets. Cyber financial crime isn’t new,” he acknowledges; but, FIN4 “shows that the threat has grown and evolved dramatically.”
“The Sony hack and FIN4 will not be isolated cases,” he warns North Korea just go a taste of the potential havoc they can wreak via the cyber domain; and, other nation-states and groups such as al-Qaeda, the Islamic State and others are also watching and learning. And, Congressman Rogers warns, groups like FIN4 could just as easily become a disruptor of financial markets — in essence shorting the market before they launch an attack — that would potentially reap them hundreds of millions of dollars.
What can and should America do to try and cope/mitigate against these new kind of threats? he asks. Playing defense is can be extremely expensive; and, you could spend yourself into oblivion, and still not be ‘safe.’ Congressman Rogers advocates that U.S. Intelligence “has an obligation to share actionable information — classified or otherwise, — to warn companies when they think an attack is imminent or underway. To enable this kind of sharing arrangement, Congress “must update current law, to expand the private-sector’s access to government-classified cyber threat intelligence. Laws must be updated to knock down any barriers, such as concerns about legal liability, or action by government regulators — that currently stop, or impede companies from sharing cyber threat information with each other, and the government.”
“The U.S. government also needs to bring all appropriate tools of national power to bear, to address this threat; and specifically, to respond to North Korea’s cyber attack. There are plenty of diplomatic, trade, and other options to make clear that the U.S. will not tolerate nation-state attacks on our companies. We need to make an example of North Korea. North Korea’s hack on Sony, and the FIN4 group’s hacks are warnings about what is to come. Congress and the Obama administration must heed these warnings, and take decisive action…to defend America and our economy, from these growing threats.”
I don’t disagree with Congressman Rogers regarding the sharing of classified intelligence with corporate America. I think we are the only nation on Earth that doesn’t. Having said that, the devil of course — is in the details. Sharing intelligence with established corporations, and not small startups — could, and probably would in many circumstances — give those companies a competitive advantage over much smaller and startup companies that are so crucial to our economic future. In essence, we could inadvertently stifle competition, by aiding certain companies — and not others. I don’t know how to translate Congressman’s Rogers proposal into something that both is good for America, and good for our economy. We will need to move down this road very carefully and with much deliberation — too much is at stake to do otherwise.
Responding to North Korea’s hack of Sony — if we’re sure they did it — is also very important. And, there must be a clear demonstration of our ability to do so — otherwise, al Qaeda, the Islamic State and others — who are watching and learning — will make the next move — which could be much more costly, and potentially catastrophic. V/R, RCP