U.S. gears up for cyberwar amid conflicting ideas on how to fight it
Kevin Mandia, CEO of Mandiant, and Senior Consultant Jerry Nguyen demonstrate how a hacker infiltrates a network.
February 24th, 2012
04:00 AM ET

By Suzanne Kelly and Pam Benson

The ancient Chinese military Gen. Sun Tzu emphasized that an effective war strategy required quick and appropriate responses to changing conditions.

If that is the measure of the battle for cyberspace, some experts would argue, the U.S. is losing.

Hackers are infiltrating networks and personal computers daily. Most often, victims don't even know they've been infiltrated until the damage is done.

The question now is just who will help prepare the U.S. to better position itself for the longer war?

Congress, former government officials and private sector experts often have conflicting ideas.

One example of that came from former director of National Intelligence Mike McConnell speaking this week at a cyber panel at George Washington University.

McConnell suggested granting the super secret National Security Agency the power to patrol private networks, both foreign and domestic, for signs of attack.

Such suggestions make some who are concerned about privacy and civil liberties queasy.

McConnell argued that networks could be protected from unwanted government monitoring by legislation that would prohibit the NSA from looking at network content as they scan for bad guys.

As he put it, there is not a corporation in the country that can successfully defend itself against the threat, so why not grant power to the agency that already sees the globe at network speed?

"The question is, if it moves at network speeds and goes from one side of the globe to the other in less than a second, do we want to empower NSA to look at domestic networks to find bad things," McConnell said.

"That's monitoring. Well you can say well that's scanning, scanning for malware. You can define this lots of ways. You can also make it illegal to look at content. I think if you investigate and understand the behavior of these agencies, they do not violate the law. So make that part illegal and make scanning for malware legal. That's another way to address that issue."

Surveying the battlefield

As McConnell laid out his thoughts, another panel of cyber experts was convening across town.

Federal Communications Commission Chairman Julius Genachowski told the Bipartisan Policy Center crowd that some $8 trillion was exchanged each year on the Internet. Shutting down the Internet, he said, would essentially shut down our economic growth engine.

He outlined what he sees as the biggest threats, and called on Internet service providers to do a better job of informing Internet citizens about the risks they face every time they log on.

Botnets are perhaps the biggest threat, according to Genachowski. Essentially, botnets are like robots that take over your computer, rendering it a "zombie". One single botnet, Genachowski told the crowd, controlled some 12 million computers in 190 countries for a short period of time.

Actually controlled them, with the ability to perform transactions, steal data, you name it.

Internet 'hijacking' is another critical concern. A recent case of Internet hijacking saw Internet traffic being "re-routed" through a Chinese server where it was more than likely monitored. It was one single attack that had millions of pieces of e-mail traffic hijacked. That "battle" lasted just 10 minutes, but even the experts can't tell you the extent of the damage done.

Domain name fraud is also on Genachowski's top-three list. It allows identifying information about existing websites to be changed. You might think you're looking at your bank's website, but really it's being run by a criminal in some back room in another country. It actually happened in Brazil in 2009. The country's biggest bank had its online identity stolen for four hours, compromising customers' user names and passwords.

The FCC estimates the cost of such Internet attacks is in the tens of billions of dollars annually.

Saving business is a key concern of those drawing up the battle plan for this cyberwar, but protecting lives is important, too.

One bill introduced last week in the Senate proposes to require private companies that operate "critical infrastructure" to prove that they are protecting themselves from cyber attack.

Under the legislation, the Department of Homeland Security would determine which businesses are deemed "critical infrastructure." It would include things such as water filtration plants, air traffic control systems and electrical grids.

But Stewart Baker, former assistant secretary for policy at DHS and now a partner at Steptoe & Johnson LLP, calls Genachowski's efforts little more than "jawboning."

"It is an incremental step, but it's not even the beginning of the solution. The other guys have already lapped us and all we've done is tie our shoes," Baker said.

The private cyber warriors

Kevin Mandia was an unlikely cyber warrior. Stationed at the Pentagon in 1993 as an Air Force computer security officer, he spent his 9-to-5 life on mainframes. He wanted to be a medical examiner and sort through the "blood and guts" to figure out what had caused some catastrophic event to a human body. Instead, he heads a firm that deconstructs cyberattacks and tells Fortune 100 companies just how the attack was launched. His company is actively investigating more than 40 intrusions reported by clients.

When he started the company in 2004, it was a one-employee operation. Today, he employs more than 200 people. He's flown more than 100,000 miles a year for the past several years visiting clients who have been the victims of cyber attacks. He's not a big believer in government curing the problem.

"Cancer. We've known about cancer for 4,000 years and we've never cured it," Mandia said from his company headquarters in Alexandria, Virginia. "I think with a lot of the IT security woes, people think there's going to be a cure, you can legislate a cure, and to me it's almost like legislating a cure for cancer. It's more complex than that and the complexity is because a lot of the intrusions rely on human nature."

Mandia literally banks on human nature. That's because part of the problem with Internet security is the user. Using a computer screen displayed on an oversize monitor, he overlays the user's screen with the hacker's. As the user logs into his e-mail account, the hacker waits. He has done his research. He knows that just a day earlier, the user attended a conference on security. He knows that because of the Internet. Both the conference and a list of attendees were posted on a company website. The hacker has downloaded the PowerPoint presentation that was given, infected it with a malware program to take over the user's computer and e-mailed it to the user with the subject line reading: Thank you for attending the conference. PowerPoint presentation attached. With one click, the user has allowed the hacker into his computer.

"We are trusting and I think you've gotta be, and a lot of the intrusions I've seen would work on me," Mandia explains as he lays out just why cyberattacks work so well.

Mandia predicts decades of growth for cybersecurity specialists ahead, regardless of what the U.S. government eventually does to tackle the problem.

"I think there's gonna be a growth in it because the private sector has to protect the private sector in this regard," Mandia said. "There's not going to be a magic phone number to get a DHS person on the phone for a computer intrusion."

soundoff (12 Responses)
  2. lance

    communist china is the number 1 culprit. stop buying chinese made crap hurt their economy and strengthen ours.

    February 25, 2012 at 5:59 pm | Reply
  5. Jim Marye

    What's really amazing is that we have been talking about this possibility for a long time. I know there has been a great deal of effort put in to thinking about it, but what is the outcome? Next to a devastating attack by a conventional WMD, this could be easily categorized as such and just as devastating. Folks that live daily on the ability to use their ATM or Credit Card to buy gas, groceries and what not would not be able to make any purchases. Banks would have serious problems since their systems are all automated and use the Internet. What about all the other things we rely on the internet for, they would be just as easily wiped out. I certainly hope we are not just now implementing safeguards since I am sure that the bad elements of the world have been busily looking for ways to cripple the US and our Allies.

    February 24, 2012 at 3:30 pm | Reply
  6. thelastindependent

    That's why I will never use a credit card. EVER!

    February 24, 2012 at 11:37 am | Reply
    • Ade

      I'm sorry, how old are you by the way? It is either you are too old to need one or you are too young and do not really understand what you are talking about.

      February 24, 2012 at 8:35 pm | Reply
  8. mipolitic

    ask the white house they have a crew out there thwarting the negative opinions of the public about obamas re-election on the web.
    but hey when so many credit companies have calling centres on the other side of the globe which started all this cyber crime what else did we expect to happen.

    February 24, 2012 at 9:50 am | Reply
  9. michaelfury

    http://michaelfury.wordpress.com/2010/09/10/ghosts-in-the-machine/

    February 24, 2012 at 7:53 am | Reply
