On March 27th, 2012, Devlin Barrett reported for the Wall Street Journal on comments made by Shawn Henry, the FBI's departing cyber head. Notably, Mr. Henry said that in the context of cyber-espionage, the current public and private approach to trying to stop hackers is "unsustainable." It's unsustainable in the sense that the U.S. can "never get ahead, never become secure, [and] never have a reasonable expectation of privacy or security."
The WSJ article noted that Mr. Henry criticized the lax cybersecurity efforts of company executives. Over the course of FBI investigations, some companies have discovered that they've been breached for not only months, but years. This, according to Mr. Henry, gave the hackers "full visibility into everything occurring on that network, potentially." However, some company executives still don't recognize that there is a problem. Even if a company decides to build cyber-defenses, Mr. Henry explained that "[y]ou can only build a fence so high . . . the offense outpaces the defense, and the offense is better than the defense."
Richard Bejtlich, CSO at Mandiant: In the case of Chinese cyber-espionage, "94% of the targeted companies didn't realize they had been breached until someone else told them."
James Lewis, CSIS: There's not a single secure, unclassified computer network in the U.S.
You can find the WSJ source article here.