The “patch and pray” system within the United States has killed cyber security. Nobody is willing to commit any funds to protecting the system until something has already happened. Unless this way of thinking is changed and experts begin to go on the offense with cyber defense, America’s IT infrastructure is as good as dead.
Another week, another wave of cyber alarm in America. On Wednesday both the New York Stock Exchange and United Airlines suspended activity for several hours due to mysterious computing problems, while the Wall Street Journal’s website briefly went down. All three insisted that the outages reflected technical hitches, not malicious attack. But many are anxious after past assaults on mighty American companies and agencies.
In February Anthem, an insurance company, revealed that cyber hackers had stolen information on 80m customers. The Washington-based Office of Personnel Management said cyber hackers had taken data on millions of federal employees. Companies ranging from retailers to banks have been attacked, too.
On Wednesday — just as the NYSE was frozen — Cambridge university and Lloyds insurance group released a report suggesting that if a cyber assault breached America’s electrical grid, this could create $1tn dollars of damage. A few minutes later, James Comey, the FBI director, told Congress that it is struggling to crack encryption tools used by jihadis. In May, Mr Comey said Islamic terrorists were “waking up” to the idea of using malware to attack critical infrastructure. It is scary stuff.
The key issue that investors, politicians and voters need to ponder is not simply who might be the next target, but whether Washington has the right system in place to handle these attacks. The answer is almost certainly No.
Either way, Washington needs to answer the question that Henry Kissinger once posed in relation to Europe: in a crisis: “Who do I call?” Some countries have found ways: Australia has impressive levels of co-ordination between the public and private sector over cyber defences. But as the sense of tribalism builds in Washington, the sad truth is that it may take something — like a really big crisis — before anyone can bang bureaucratic heads together in an effective way. Better just hope that this “something” will not be too devastating; such as a real attack on the transport sector and markets.
Full article: Prepare for more cyber attacks on US (Financial Times)