Increasingly sophisticated and prevalent cyber attacks are threatening to do more than turn American computers into bricks. Today’s cyber attacks have the potential to undermine national security, infrastructure and democracy. And America will need to rise to several challenges to protect the country from that threat.
That was the advice of Michael Leiter to the Fort Meade Alliance’s annual Industry Day attendees on March 27.
Leiter, who helped establish the Office of the Director of National Intelligence, has held senior security positions in government and the private sector. He has served as President of Leidos Defense and Director of the U.S. National Counterterrorism Center. A partner with Skadden, Arps, Slate, Meagher & Flom LLP, Leiter is a member of the RAND Corporation’s Board of Trustees, the Department of Defense’s Threat Reduction Advisory Committee, the Aspen Institute’s Homeland Security Advisory Group, and the Council on Foreign Relations. He is also senior national security, cybersecurity and counterterrorism analyst for NBC News.
“Fundamentally, we have taken everything we value in our lives and we have digitized it,” Leiter said.
The wholesale integration of our professional and personal lives with smart phone apps, cloud storage and other digital technologies has made individuals, companies and governments vulnerable to cyber attacks. Furthermore, the nature and damaging impacts of those attacks are changing, Leiter said.
Cyber attacks are expanding beyond typical models, such as the data breach at Equifax or the ransomware attack on the City of Atlanta. Some attackers are aiming to inflict greater and even physical harm.
Last August, a petrochemical plant in Saudi Arabia was hit by a new kind of cyber assault — one designed to sabotage the plant’s operations and trigger an explosion. In March, U.S. officials revealed that Russian hackers had infiltrated the operating systems of some U.S. power plants as early as 2013 and demonstrated the potential to shut down parts of the American electrical system. U.S. intelligence officials have also concluded that Russian hacking, bot operations and online disinformation campaigns attacked the foundation of American democracy in the 2016 election.
Advances in artificial intelligence and the growth of technologies and services offered through the dark web threaten to make cyber attacks more formidable and more common, Leiter said.
To protect Americans from those growing threats, the U.S. needs to address several key challenges, he said.
The American educational system needs to support the development of more highly trained individuals in STEM fields. Key metrics – such as the numbers of PhDs awarded in STEM specialties and the number of scientific articles published on breakthroughs in engineering or physics – show America falling behind other nations.
“That’s not to say that we don’t have the best and brightest doing certain things. But in terms of volume and long-term investment, we are getting our clocks cleaned,” Leiter said. “We as a country have to make some basic investments in technology and education that, frankly, other countries in the world are doing better than we are right now.”
Employers, he added, need to support the development of a more diversified cyber workforce and the federal government needs to reform its “1945 civil service system” in order to attract and retain talented individuals who currently face a wealth of attractive job options in the private sector.
The federal government which has been “horrendously weak” at implementing a comprehensive cyber strategy throughout all government agencies and industry sectors, needs to foster greater public-private partnerships in order to access advanced technology and ensure that critical infrastructure is protected, Leiter said. Since the electric grid, financial markets and other critical systems are privately held, government accounts for only about 10 percent of cyber protection needed in America.
U.S. Cyber Command, the National Security Agency and the Defense Information Systems Agency “could do their job perfectly, absolutely perfectly and we could still have a completely insecure nation from a cyber perspective,” he said.
Finally, the U.S. needs to strengthen its collaboration with the Five Eyes (FVEY), Leiter said. This is the intelligence alliance comprised of Australia, Canada, New Zealand, the United Kingdom and the United States and other international alliances to counter the growing cyber threats from both state and non-state actors.
“I think those alliances are more important now than they have been probably since 1945,” Leiter said.