Results tagged “Critical Infrastructure Protection” from Lohrmann on Infrastructure

Should Governments Join Banks in Seeking Customers' Help Online?


"We need your help to stop online thieves."

 This surprising message from many banks to their customer base is becoming more popular as online bank robbers are getting more sophisticated, patient and dangerous. Gone are the days when marketing brochures insisted that online accounts were just as safe as traditional banking with a teller. The new message seems to be: "We're in this battle together, so can you please lend a hand?"

USA Today's article, headlined "Banks seek customers' help to stop online thieves," offered a fairly bleak assessment of current abilities to stop the bad guys - unless we all work together.

"Cyberattacks against individual online accounts have become so sophisticated and pervasive that the American Bankers Association (ABA) is now asking consumers to 'partner' with banks to keep cyberrobbers in check.

The banking industry wants consumers to monitor their online accounts for unauthorized transactions on a "continuous, almost daily, basis," says Doug Johnson, the ABA's vice president of risk-management policy."

The article goes on to offer a scary story to illustrate the point that this has become the new normal in online banking. With 80% of US households now participating in online banking, this issue is very serious. More than that, this call to share the security load is a 90-degree turn, in my opinion. A decade ago, banks and other financial institutions insisted that the online risks were as low as (or lower than) conducting your bank transactions at branch offices - with the convenience of staying at home and not waiting in line.

So does this issue affect government? Absolutely! Here's how.

Cybersecurity experts in government have been working with our banking partners for years regarding technology and processes for securing online transactions. We attend many of the same meetings and security conferences. We work with the same vendors. The banking industry has generally been leading cybersecurity activities, and they have often offered the way forward for online government. Bottom line, we are all in the same boat as partners. 

I have seen several respected colleagues go back and forth between these two communities, such as Greg Garcia, who went from US Cyber Czar at the Department of Homeland Security (DHS) to a senior executive position at the Bank of America working on identity management and cybersecurity. Other banking colleagues participate on the same panels at security and technology conferences such as RSA and GovTech South Africa.

Beyond security community interaction, we all know that more government transactions go online every day - involving citizens, businesses and other governments. For efficiency and customer service reasons, e-government has been hot for a decade and continues to get hotter in tough budget times. This trend is only accelerating online as services ranging from tax preparation for businesses to campground reservations for families are placed on the Internet. These services offered are the vital backbone for government technology professionals, and the scope of this issue is rapidly expanding.

So should governments follow the lead of banks? I predict that this will happen over time. In order to ensure the integrity of our online government processes, we will need to work end-to-end to secure online transactions. This means that consumers and providers will need to get involved. [One side note: many governments have offered end-user training for citizens, schools, businesses and more for years - such as Michigan's cybersecurity training.]

How fast will this new trend develop? What will be the next step(s)? How far will the banks go in counting on customers to help? Will government online transactions move to two-factor authentication like European banks did years ago?

  I'm not sure, but I think that our colleagues at US banks will continue to show us the way - since they are in the hottest part of this cyber battle. I do think that we'll be hearing more lines like "All Aboard!" when it comes to securing online transactions. So yes, it's back to training our children and neighbors.

What are your thoughts on this topic?

 

Critical Infrastructure Protection: Are We at a Cyber Crossroads?


Are we truly at a significant crossroads in the protection of our Nation's critical infrastructure? More specifically, will the cross-sector cyber infrastructure issues now be addressed with a sense of urgency and be given the required resources to build in the required 21st century security protections? Have the many state and local government computer infrastructure issues become a real priority? I'm now more optimistic.

What modified my opinion? We held our second annual Michigan Cyber Security Summit in Lansing this week, and I was honored and privileged to introduce and interview Harry D. Raduege, Jr., Lt. General, USAF (Ret) as part of an extended keynote session at the end of the day. Not only was I impressed with his words, I was motivated and encouraged by his unique perspective.

General Raduege's very impressive military career included several years as Director of the Defense Information Systems Agency (DISA). He is currently the Chairman of the Deloitte Center for Network Innovation, and he was recently the co-chair for the Center for Strategic and International Studies' (CSIS's) Commission on Cybersecurity for the 44th Presidency.

After his initial remarks, our conversation centered on the recently released results of the 60-day Cyberspace Policy Review, which has received a huge amount of media attention. The General covered the background on these issues, the link between the Commission's findings and the Policy Review, and the near and mid-term actions to be taken.

Two of my questions included: "Why is this a crossroads? How is this situation different than before?"

General Raduege responded by describing with passion the billions of dollars we are losing to organized cyber crime. He articulated a strong business case, and he provided scary facts regarding illegal access to both private sector and government networks over the past few years. These were figures that I knew from press reports and from meetings with the Department of Homeland Security and other government agencies and states over the past seven years.  

But the General's answers intrigued me the most when he described President Obama's passion for this issue at the recent release of the 60-day Cyberspace Policy Review at the White House. He sat a few feet away from the President during the event, and General Raduege told us that a new focus was evident. This inside perspective came from a decorated career cyber expert with a great reputation.

At a post-event reception, several colleagues commented that General Raduege's passion was contagious.  

So I went home and took another look. Yes, I had already read the 60-day Cyberspace Review, but after the session, I reread most sections through a different lens. The Review's actual title is easy to overlook: "Assuring a Trusted and Resilient Information and Communications Infrastructure."  I had previously skipped over the preface to get to the "beef," but think about these important words from the preface:

"... But with the broad reach of a loose and lightly regulated digital infrastructure, great risks threaten nations, private enterprises, and individual rights. The government has a responsibility to address these strategic vulnerabilities.

 The architecture of the Nation's digital infrastructure, based largely upon the Internet, is not secure or resilient. Without major advances in the security of these systems or significant change in how they are constructed or operated, it is doubtful that the United States can protect itself from the growing threat of cybercrime and state-sponsored intrusions and operations...."

More than the detailed action steps, these words are powerful. If acted upon, they show a new commitment that will greatly impact state and local government in many infrastructure sectors. Many computer issues need to be addressed, from broadband Internet access to health IT to protecting airlines.

(One side note: the Air France 447 story printed in the United Kingdom (UK) on Sunday demonstrates the critical importance of computer infrastructure to all aspects of transportation. Even though "foul play" may have no part in that plane accident, if this computer crash theory is true, the role of computers will be under a spotlight once again.)

 The skeptics will likely say that all of the words in the new cyber plan are nice, but we need action. There is no doubt that I have heard and read much of this over the past few years, without significant change across the country at the state and local level. There is certainly much to do, and more dollars are needed.

Still, I am encouraged that this issue is now a top priority in DC. I am also more convinced that additional resources will be applied to this urgent set of infrastructure problems. Whether this will be seen as a "Berlin Wall falling" type of moment or a significant cyber crossroads will be determined by the actions we take going forward. I think the Bush Administration understood the importance of this issue very late in their term, but the momentum which began last year seems to be growing. This topic should continue to have bipartisan support going forward.  

In conclusion, I urge you to reread the 60-day review as I did. But as you read, think of the resolve that our Nation had in the 18th and 19th centuries as we faced "threats foreign and domestic." General Raduege's words challenged me to think of our 21st century cyber threats as needing that same kind of united resolve and unity of purpose.

Yes, I knew most of the cyber attack facts and figures before, but now I am more inspired to believe that positive change is coming. Thank you General Raduege for your service and for coming to Lansing. You brought the "inside the beltway" words to life in Michigan.

What are your thoughts? Is this a cyber infrastructure crossroads?     

 
