FBI official says U.S. unprepared for cyberattacks
The Americas Post - Shawn Henry says we're in for big trouble. Photo Credit: FBI
A high-ranking official retiring from the Federal Bureau of Investigation has grim words about public and private attempts to block cyberattacks on corporate targets: “We’re not winning.”
Shawn Henry, the FBI’s executive assistant director for cybersecurity, told the Wall Street Journal that the government and private companies are incapable of protecting sensitive data from hackers. He described current tactics as “unsustainable,” saying that cybercriminals penetrate defenses with relative ease.
Henry, now departing the FBI after twenty years, gave his pessimistic appraisal as Congress tries to deal with the problem via two competing measures aimed at improving security at power plants, nuclear reactors and other infrastructure.
One Senate bill, in an attempt at bipartisanship, strips away a controversial Internet “kill switch” and makes other concessions. The authors stress the desperate need for a new cybersecurity plan at a time when major data breaches and denial-of-service attacks are increasingly making the headlines, however, several Republican senators have raised concern with the bill and have urged Senate leaders to allow time for other committees to weigh in.
Henry, who is departing the FBI for a cybersecurity job at an unnamed Washington firm, advocates companies make major changes to persistently vulnerable networks.
“I don’t see how we ever come out of this without changes in technology or changes in behavior, because with the status quo it’s an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security,” he told the Wall Street Journal.
On the congressional front, the bill introduced last month in the Senate, the Cybersecurity Act of 2012, calls on the Department of Homeland Security to consolidate cybersecurity programs into one office — the National Center for Cybersecurity and Communications.
At the heart of the bill is a requirement that the federal government identify the most critical components of the country’s cyber-infrastructure and require them to meet certain security standards. This would cover everything from the nation’s power to water to transportation services.
The bill would require DHS to look at systems that could, among other scenarios, severely damage the economy or cause widespread casualties if they were disrupted in a cyberattack. Operators would work with DHS to secure those systems.