RSA: Experts Say U.S. Cyber Threat Is Real
Panelists agreed that the U.S. faces rapidly escalating problems with cyber warfare and cyber espionage, data theft and malware attacks on corporations and federal infrastructure that will persist as long as glaring vulnerabilities in government networks remain.
Clarke said that U.S. networks are continually under attack, citing last year's logic bomb hack on the U.S. electrical grid. Clarke said that the attack indicated the likelihood of future assaults on U.S. infrastructure. "That's not cyber espionage, that's preparation for warfare," he said.
"We're talking about the cloud as if it's the most important issue," Clark continued. "We are being attacked. We're being attacked by the governments and criminal gangs from China and Russia."
However, viewpoints diverged on how to address the problem. Rotenberg argued that while U.S. networks are plagued with security holes, imposing sweeping security restrictions, monitoring systems and security policies on users' online behavior would inevitably create a myriad of privacy issues that could violate Constitutional law.
"Privacy is what ends up being collateral damage," Rotenberg said. "Every one of those (security) scenarios becomes a justification for some kind of intrusion for the user that has done nothing wrong."
Clarke suggested that the government have oversight on an outside agency or private organization that would conduct deep packet inspection on tier 1 ISP networks in search of malware.
Rotenberg warned that NSA deep packet inspection could give the agency carte blanche to search for other information and could potentially lead to unlawful surveillance.
"I think we have to be careful if we go down that road," Rotenberg said. "The folks at NSA are not just interested in looking for malware."
Chertoff, who did not discuss details of the electrical grid hack, suggested that the government take decisive steps to educate the public on the ramifications of surrendering privacy, while not-so-subtly rebuking government for its continual failure to act swiftly to address the problem.
"To me there's got to be public demand for this. The public has to understand what's at stake when they give up an identity. We need to explain to people what the consequences are in terms of identity theft," he said, adding "Saying it's hard and 'let's talk about it' for three years is not the answer."
Chertoff said that part of the problem in finding a solution stemmed from lack of public demand due to ambivalence and ignorance.
"I will tell you that people have been preaching about this issue for years and years. The reaction from a lot of the public is either indifference or that it's overblown -- it's not a serious problem," he said. "It's my belief that the solution seems so complicated to the average person, they can't really understand it and they feel disempowered and they ignore it. You've got to give people a solution that is successful and that they feel comfortable adopting and then they will respond to it."
Meanwhile, Chertoff said that there would likely be a cyber catastrophe that would galvanize both the government and private sector to action.
Others disagreed that was the best course of action.
"The problem with waiting for the cyber Pearl Harbor, is that that we're having little Pearl Harbors every day," Clarke said. "We're prosecuting a very tiny percentage of cyber crime. Why do we always have to wait for disasters to solve problems that we all can recognize in advance?"