President Barack Obama is shining yet another light on the rising cybersecurity threat in the US, sitting down with more than a dozen CEOs inside the White House Situation Room to discuss how government and the private sector can work together to better protect the nation’s citizens and critical infrastructure.
“What is absolutely true is that we have seen a steady ramping up of cybersecurity threats,” Obama said in an interview on ABC’s Good Morning America. “Some are state-sponsored [and] some are just sponsored by criminals.”
The timing could not be more apropos: Tuesday offered a bumper crop of cybersecurity red flags to add weight to the president’s statement. For one, a top US official told the Senate Intelligence Committee that cyber attacks are becoming the top global threat. It’s “grown to be right up there” with terrorism, said FBI director Robert Mueller, who said cybersecurity risks now keep him awake at night.
Ironically, Mueller, along with First Lady Michelle Obama, Vice President Joe Biden and other political targets were made the victims of a doxxing campaign, which published online supposedly authentic personal information like mortgage statements and credit reports.
Meanwhile, JPMorgan Chase and five other banks were hit with denial of service (DDoS) attacks in a renewed offensive on the financial industry yesterday. Attacks on banks have become an ongoing issue, spearheaded in 2012 with the launch of “Operation Ababil” by Islamist hacking collective Izz ad-Din al-Qassam. That attack wave was in protest of “The Innocence of Muslims,” an anti-Islam video that mocked the Prophet Muhammad. On New Year’s Day the group said that that the cyber-attacks will continue, noting in an online manifesto that “rulers and officials of American banks must expect our massive attacks! From now on, none of the U.S. banks will be safe from our attacks.” Indeed, attacks in February and last week have continued the trend, with Chase becoming the latest victim of a website slowdown.
In January, a Ponemon Institute survey revealed that more than two-thirds of banks in the US have suffered DDoS attacks within the last 12 months. Gen. Keith Alexander, head of the Pentagon’s US Cyber Command, told Congress at Tuesday’s hearing that Wall Street firms were hit by more than 140 attacks in the last six months.
Chase confirmed that CEO Jamie Dimon is among those accepting the president’s invitation to the meeting. Another participant will be Exxon Mobil CEO Rex Tillerson, the oil giant confirmed, but the rest of the group will not be revealed until after the summit, the White House said.
Obama issued an executive order Feb. 12 aimed at improving the public sector’s ability to warn enterprises of imminent cyberthreats. It directs the government to share threat information with critical infrastructure owners, and for government agencies to develop a security framework that business can voluntarily adopt. The intention is that unclassified threat reports “that identify a specific targeted entity” will be shared, and that classified reports will be shared with “critical infrastructure entities authorized to receive them.”
The White House is also seeking a comprehensive piece of legislation to further information-sharing initiatives in order to protect critical infrastructure such as the power grid, water supply equipment, transportation hubs, and so on. US House of Representatives Intelligence Committee Chairman Mike Rogers (R-Mich.) and Rep. Dutch Ruppersberger (D-Md.) introduced a new version of the Cyber Intelligence Sharing and Protection Act (CISPA) last month, which would make it easier for business and government to work together concerning threats, attacks and remedies in order to shore up defenses. For instance, the House bill as written would offer broad protection from lawsuits to companies that give over user data to the Department of Homeland Security, which in turn would share it with intelligence agencies on a need-to-know basis.
In the GMA interview, Obama noted the ramifications of inaction: “Billions of dollars are lost to the consequences. You know, industrial secrets are stolen. Our companies are put into competitive disadvantage. There are disruptions to our systems that…involve everything from our financial systems to some of our infrastructure.”
For DDoS protection click here.