“Response” is exactly what’s allowing this to happen. It’s the culture of reactionary ‘patch and pray” that continues to be the industry norm instead of proactive defense that is the issue. Reactionary means only reacting, therefore you have to wait for something to happen.
Obama administration’s diplomatic, legal response is encouraging more cyber attacks
The United States will continue to suffer increasingly damaging cyber attacks against both government and private sector networks as long as there is no significant response, according to a recent U.S. intelligence community assessment.
Disclosure of the intelligence assessment, an analytical consensus of 16 U.S. spy agencies, comes as the Obama administration is debating how to respond to a major cyber attack against the Office of Personnel Management. Sensitive records on 22.1 million federal workers, including millions cleared for access to secrets, were stolen by hackers linked to China’s government.
U.S. officials familiar with the classified cyber assessment discussed its central conclusion but did not provide details.
Last week, Adm. Mike Rogers, commander of the U.S. Cyber Command, said the increase in state-sponsored cyber attacks is partly the result of a perception that “there’s not a significant price to pay” for such attacks.
Privately, administration officials said the assessment appears to be an indirect criticism of the administration’s approach to cyber attacks that has emphasized diplomatic and law enforcement measures instead of counter-cyber attacks.
“The administration is expecting more attacks because they’re unwilling to do anything,” said one official. “They’re preparing for more attacks because we’re failing to deter and defend against them.”
Intelligence and cyber security experts agreed with the assessment that weak U.S. responses are encouraging more cyber attacks.
“Until we redefine warfare in the age of information, we will continue to be viciously and dangerously attacked with no consequences for those attackers,” said retired Army Lt. Gen. Mike Flynn, a former Defense Intelligence Agency director.
“The extraordinary intellectual theft ongoing across the U.S.’s cyber critical infrastructure has the potential to shut down massive components of our nation’s capabilities, such as health care, energy and communications systems. This alone should scare the heck out of everyone.”
James Lewis, a cyber security expert at the Center for Strategic and International Studies, agreed. Lewis said the defensive approach that emphasizes closing vulnerabilities to cyber attacks is not working.
“Unless we punch back, we will continue to get hit,” Lewis said.
Full article: Intel Assessment: Weak Response to Breaches Will Lead to More Cyber Attacks (Washington Free Beacon)