Globalisation and increased reliance on the internet raise the risk of cyberattacks, a top US government security official warned on Thursday.
The more the technology industry becomes globalised through outsourcing and international expansion, the greater opportunity for flaws to be introduced, Greg Garcia, assistant secretary for cybersecurity and telecommunications at the Department for Homeland Security, said during a speech in San Francisco at the RSA Conference.
Security is also threatened by the move to rely on the internet or a converged network based on the internet protocol for communications, including voice, video and data as well as other services, Garcia said. "This proliferation of devices and applications within converged networks is going to create a breeding ground for security problems," he said.
The number of attacks is already on the rise. In the final three months of last year, the US Computer Emergency Readiness Team, or US-CERT, received nearly 20,000 incident reports from public and private sources, Garcia said. That compares with 23,000 for the entire 12-month period before that, he said.
"Make no mistake — our networks and systems are vulnerable and they are exposed," Garcia said. "Our adversaries are sophisticated, nimble and organised and they will stop at nothing to achieve their motives, which include economic gain, advantage, espionage, revenge and publicity."
To respond to the threat, Garcia called for broad collaboration among the good guys, a call often heard from the government. In particular, businesses and organisations need to secure their networks and sign up for partnership efforts such as the Information Technology Information Sharing and Analysis Center, or IT-ISAC, Garcia said.
"Please join with your industry colleagues and with DHS," he said. "I would wager that we would see dramatic and measurable improvements in our national defenses against cybercriminals and terrorists and hackers."
To help, Garcia plans to ask Congress to think of possible incentives that would drive investments in security. Also, US-CERT this month will be collaborating with private security monitoring groups, including the National Coordinating Center for Telecommunications and representatives the IT-ISAC, he said.
"We can have a collaborative, real-time and trusted information-sharing environment that enables us to see what is happening on our networks and enables us to take immediate steps to fend off attacks," he said.
To test the nation's response to a cyberattack, the Department of Homeland Security plans to hold another major exercise, called Cyberstorm II, in March 2008, Garcia said. A first such exercise happened early last year.
