advertisement

Stopping Web villains: Cyber attackers have upper hand

WASHINGTON - U.S. companies and the government are spending billions of dollars to try to lock down valuable information they store in computer networks, but thieves and spies continue to steal everything from credit card numbers to plans for next-generation military firepower.

Every week we hear of a new breach. The recent cyberattacks against JPMorgan Chase not only gave hackers access to tens of millions of emails and home addresses of its customers, but may have been aimed at trying to disrupt Wall Street. Home Depot, Target and other merchants recently have been hit and chief executives have moved cybersecurity to the top of their agenda, according to speakers at The Washington Post's Cybersecurity Summit on Oct. 1. Excerpts from that forum are on pages 4 and 5 of this special report.

Arati Prabhakar, the director of the Defense Advanced Research Projects Agency (DARPA), the government agency that brought the world computer networking, said a $2 million prize awaits the winner of the Cyber Grand Challenge, a competition aimed at building an automated system that can secure software and detect harmful flaws.

Today's attackers have the upper hand because they have the "inexpensive task of finding a single flaw to break a system," DARPA says. "Defenders, on the other hand, are required to anticipate and deny any possible flaw - a goal both difficult to measure and expensive to achieve. Only automation can upend these economics."

As we await a better system to secure our networks, the current "patch and pray" approach is a gift to the bad guys. Hackers in Russia and China are behind many of the attacks on the U.S. government and companies, say cyber experts, including James Lewis, whose article in this report says the Wild West of cyberspace needs law and order - and needs it now.

House Intelligence Committee Chairman Mike Rogers, R-Mich., said there is a lot of debate about how aggressive the U.S. government should be in using its offensive cyber power.

"You don't want to reach overseas and flick somebody in the forehead if we're not exactly 100 percent sure that that was the perpetrator of that particular event," he said. "If you start this digital vigilantism about, 'Well, I got hacked. I'm going to go do something about it,' you could create a storm here, of which the rest of the network - that 85 percent [controlled by the private sector] - is not prepared to handle."

By the end of this year, the United Nations estimates that 3 billion people will be online and as each of us puts more and more of our lives in cyberspace - including bank information and health records - everyone has a stake in the race to make the Internet more secure.

- - - -

Washington Post Live's Cybersecurity Summit was co-sponsored by Lockheed Martin in partnership with the Cyber Security Policy and Research Institute at George Washington University. The Washington Post maintains full editorial control over the content of the conference and this special report. Video of the Oct. 1 event can be found on WashingtonPostLive.com.

Washington Post Live hosts conferences and events featuring the Post's journalists and top-level government and business leaders discussing the most pressing issues involving Washington and the world. The events are on-the-record, open to other media and have multiple sponsors. Next: Oct. 21 in Washington, America Answers: Fix My Commute; and Oct. 24 in San Francisco, #Techboomers: How baby boomers are embracing technology and driving its future.

Article Comments
Guidelines: Keep it civil and on topic; no profanity, vulgarity, slurs or personal attacks. People who harass others or joke about tragedies will be blocked. If a comment violates these standards or our terms of service, click the "flag" link in the lower-right corner of the comment box. To find our more, read our FAQ.