[BreachExchange] Hayden says private sector will lead cyber defense charge

Audrey McNeil audrey at riskbasedsecurity.com
Thu May 12 20:17:43 EDT 2016


http://www.scmagazine.com/hayden-says-private-sector-will-lead-cyber-defense-charge/article/495964/


When Gen. Michael Hayden first heard President Obama publicly refer to the
Sony breach as “cyber vandalism,” he thought the term was inadequate but
quickly realized there was no real term to describe that type of activity
in what he called “the largest ungoverned space in history,” the former
director of the National Security Agency (NSA) told an audience at Centrify
Connect in New York Wednesday.

“I thought it was way beyond spray painting a subway car in the Bronx,” he
said. “It was more than cyber vandalism but we haven't gotten the big
concept squared as to what to call it. We're still at the level of
conceptualization.”

The Sony attackers almost got to the point of physical destruction, he
said, noting that some employees received messages with the equivalent of
“I know where you live, I know what car you drive and I know where your
daughter goes to school.”

But despite the severity of the attack and its implications, the U.S.
response was diluted in part because government officials and the military,
though the latter has added cyber to its land, sea, air and space
objectives, haven't noodled out how and when to respond.

Although Congress finally passed an information-sharing act (“It took
three Congresses, not three years, but three terms,” Hayden stressed) and
Secretary of Defense Ash Carter recently pledged support for companies that
suffer similar attacks, “you're on your own,” the general told the
audience. Barring a threat of “significant loss of life,” which makes up a
tiny percentage of attacks, enterprises aren't likely to hear “the digital
bugle and the hoof beats of the digital cavalry coming over the hill to
save the day.”

Instead, the private sector will step in, he said, noting that in the Civil
War, Generals Grant and Lee would tell military leaders “your troops are in
this corps” and that in battle they “must conform to the main body.” When
it came to cyber, he “operated under the presumption that the main body was
government and the private sector should conform.”

He was wrong. “The private sector is the main body [in the cyber war] and
government should conform to it,” he said. “They are going to win or lose
the game for us.”

That's the principal reason that in the recent Apple-FBI battle, he's been
a vocal supporter of Apple. “The resolution is apparent,” he said, calling
it a “bad idea” if Apple is forced to crack its technology for authorities.
“Why do that when the private sector needs to protect you?”

While he understands where FBI Director James Comey is coming from in his
pursuit of terrorists and criminals, Hayden said, “Comey's approach [is]
based on a very narrow field of view of security” and noted that ultimately
“Mark Zuckerberg's definition of privacy will have more effect than
anything Congress will do has done.”

Hayden also reiterated that “all nation states are involved” in cyber
spying and gathering intelligence, with the U.S. being “the biggest,”
although unlike in some other countries, “your espionage [is done] for
security, liberty, not for profit.”

Russia, the general said, is the most sophisticated when it comes to skills
while China is impressive in the breadth of attacks. “I stand back in awe
of the scale,” he said.

Hayden also said he doesn't blame China for the Office of Personnel
Management (OPM) attack, because OPM is a legitimate target for
nation-states trying to gather intelligence. “OPM is not shame on China,
it's shame on us,” he said. If China had all of the information on 20 million
sitting in one spot, “I would have busted through that baby in a heartbeat.”