The United States is under attack in cyberspace. Each year, the nation loses up to one trillion dollars in wealth and intellectual property, according to last year’s 60-Day Cyberspace Policy Review led by Melissa Hathaway. Foreign nations carry out espionage through cyberspace, searching out both government and industrial secrets. Cyber criminals siphon off millions of dollars from bank accounts across the United States. And the federal government experiences hundreds of thousands of probes of its networks daily.
To guard against the host of threats in cyberspace, the United States has turned to cyber warriors, who are skilled at fighting in the cyber domain. These 21st-century warriors work to thwart attackers in cyberspace at every turn. While the U.S. government is working rapidly to develop a core of in-house cyber professionals, the government-contracting community is currently stepping in to fill the void.
Dedicated cyber companies, alongside larger integrators with cyber components, work closely with U.S. government agencies to provide cybersecurity for day-to-day operations. They provide cyber-forensics investigators who help sweep the computers of criminals, terrorists and captured spies. They also at times provide an offensive component.
The contributions of the private sector do not stop with the federal government, either. Contractors also provide valuable services to the commercial and financial sectors, which are also hard-hit by cyber attacks and often lack the resources the government is able to bring to the fight.
“In our heavily networked world, cyber attacks represent a constant threat to both government systems and the critical networks we depend on for banking, communicating and powering our economy,” said Nadia Short, vice president and general manager, cyber division at General Dynamics Advanced Information Systems.
The level of technical skill needed to be an effective cyber warrior means the federal government will have great difficulty in securing the required workforce without the help of contractors. Additionally, the threat landscape in cyberspace changes rapidly, and companies and organizations that make it their business to track these changes closely will prove invaluable to any cybersecurity effort.
“Cybersecurity is the No. 1 threat facing our nation after weapons of mass destruction,” said Bill Varner, president of ManTech’s Mission, Cyber and Technology Solutions Group. “When you think of how dependent we’ve become on doing business via the Internet … it’s easy to see how large the impact of an interruption to that would be.”
Perhaps most importantly, the threats in cyberspace, particularly from cyber crime and cyber terrorism, are not just a threat to the United States. China also experiences significant levels of cyber-criminal activity.
“There can be a tendency to look at this microscopically but, in fact, it is beyond being a national and economic security challenge,” said Barbara Fast, vice president of cyber solutions at The Boeing Company. “This is a global security and economic challenge.”
Despite the number of different agencies, companies and nations involved, cybersecurity requires a level of cooperation perhaps not previously witnessed. The cyber domain means the world is truly connected. A cyber attack against one nation could potentially bring down networks in another. Therefore, cooperation is key to combating the problem.
“This is really a team sport,” said John Osterholz, vice president for U.S. cyber at BAE Systems.
The Cyber Threat
Cybersecurity is a vast field, and as such, there is little agreement surrounding what, precisely, is the gravest threat in cyberspace.
“There is no single threat,” said Dusty Wince, CEO of Knowledge Consulting Group. “Our nation’s network infrastructure and information assets are under attack daily from an onslaught of domestic and foreign cyber actors ranging from hackers to cyber terrorists.”
Center for Strategic and International Studies cybersecurity expert Jim Lewis said the biggest threat is the loss of U.S. intellectual property to foreign competitors, particularly in places like China.
“The real problem is economic espionage,” he said. “The degree of theft of intellectual property is amazing. This is a pervasive problem throughout the U.S.”
In fact, cyber espionage appears to be at the core of Chinese economic growth. “For the Chinese, this is an important part of their economic growth,” Lewis said.
Short sees the problem as a false sense of security, particularly as the country moves toward a greater integration of cyberspace in the daily lives of citizens.
“One of the greatest threats facing the nation in cyberspace is the false sense of security many enterprises have,” she said. “As technology converges into more integrated platforms, there are greater opportunities for cyber threats to have greater effect with fewer points of attack.”
Others view the problem as stemming from cyber crime. Data collected by the U.S. Computer Emergency Readiness Team on the first half of 2010 suggests the majority of malware attacks on federal systems are done for monetary and not information gain. Approximately 90 percent of detected malware on federal systems were designed to steal financial information.
“This statistic represents the dominance of financially motivated malware within the threat picture,” said Marita Fowler, section chief of the surface analysis group at U.S. CERT. “It is not that the federal government is being targeted by organized criminals; it is that we are a smaller portion of a larger global community impacted by this.”
However, there is more agreement surrounding cyber terrorism. While the potential damage for a cyber terrorist attack is significant, its current level of probability is low. Few terrorist organizations have demonstrated a cyber capability, and those who have are largely restricted to specific geo-political aims. Hezbollah has used its cyber capabilities to launch attacks against Israel as part of kinetic conflicts.
The other consideration with terrorism is, in addition to a potential lack of technical skills, the Internet provides global Jihadist groups like al-Qaeda with a recruitment and communication tool. Launching attacks that will down the Internet could cause significant harm to their cause as well.
Nevertheless, in the future, cyber terrorism could well be a problem. Experts like Lewis worry terrorists will eventually seek out cyber criminals, willing to do anything for money. With the transfer of just a few million dollars, cyber criminals could soon act on behalf of terrorists, launching cyber attacks and potentially carrying out cyber heists to feed into the terrorists’ coffers.
Some cyber experts view the threats to system integrity as greatest.
“As a trading nation, we live and die by our networks that allow us to trade,” said Larry Cox, senior vice president and business unit general manager at SAIC.
A nation-state or a terrorist group destroying the confidence in a process or system could wreck havoc on the United States, according to experts including Sam Visner, CSC’s lead cyber executive.
“It undermines people’s confidence in online transactions and it undermines the confidence we would have in business and in government to safeguard our information,” he said. “Anything that undermines confidence is bad for the economy and … [is] bad for us as a society. In a world where manufacturing efficiencies can exist almost anywhere, it’s an enterprise’s intellectual capital that’s really valuable; we can’t afford to leave it at risk.”
Zal Azmi, senior vice president of strategic law enforcement and national security at CACI, provides an interesting anecdote that illuminates the effect a lack of trust can have.
“I have a number of friends … that … have specific credit cards that they use on the Internet only once,” he said. “So after they purchase something, they discard that card. That’s how paranoid they are.”
In the future, Azmi sees the threat landscape to include Third World countries using cyber as a way to respond to U.S. foreign policy.
“I think we’ll see a lot of Third World countries that are not happy with the United States and our foreign policies and strategies,” he said. “We’re probably going to see a lot of cyber threats coming out of those areas.”
The Battlefield Is In Cyberspace
Unlike a conventional conflict, “combat,” if it can be termed as such, in cyberspace is fought along a non-linear model, similar to an insurgency, where the enemy can be anywhere. In the Internet model, new developments and attacks come much more rapidly than in a conventional environment.
All this requires cyber warriors to answer several questions, according to Fast.
“How do you have a nimble workforce?”she asked. “How do you quickly address the challenges that become known? How do you take advantage of small companies that have niche capabilities and universities and bring the best talent to bear to tackle and provide solutions?”
A central issue is the relative ease with which individuals can enter and use cyberspace for nefarious purposes, according to Visner.
“The technical and operational barriers of entry for bad guys … are very low,” he said.
The government demand for fighting off threats in cyberspace has also increased recently.
“In recent years, the tempo has really increased with government demands for addressing irregular warfare threats,” said Kathy Warden, vice president of cyber and SIGINT systems at Northrop Grumman. “The pace of technology introduction has increased rapidly, and it requires us to be more agile and responsive to stay ahead of these changes.”
To effectively respond to the changing nature of the threat, companies and governments must be able to adapt quickly.
“The threat is adapting so quickly that you have to develop technologies and business practices that can change or tweak your solution to the latest threat,” said Steve Hawkins, vice president of information security solutions at Raytheon. “The cyber threat often needs to be addressed in a matter of milliseconds or less.”
This aspect of cyberspace is likely to remain a challenge well into the future. “The hardest part of the cyber threat has, and will be, the fact that it is continuously evolving,” said Roger Anderson, vice president of network intelligence at Applied Signal Technology.
Also, the enemy has the advantage, being able to launch surprise attacks, stealthy probes and other assaults while maintaining a relatively secretive identity.
It is possible for attackers to launch cyber attacks while veiling the actual origin of the attack, according to Patrick Burke, senior vice president of offerings and products at SRA International.
“It’s really important that we be able to do attribution on those attacks which means being sure we know where they originated from,” he said.
The issue of attribution is incredibly vital to carrying out effective cyber operations. If an attack occurs, to even consider the possibility of striking back requires the victim to know who launched the attack and from where.
“While situational awareness is key, attribution is the Holy Grail,” Short said. “General Dynamics employs more than 50 percent of the cleared digital-forensics investigators in the country whose job is to name the attacker.”
Once an attacked is identified, law enforcement and military resources can be brought to bear, depending on the nature of the threat.
“We need continuing resilience throughout our network infrastructure, so that our adversaries know that they cannot cripple our national security or economy with a cyber attack,” said Lt. Gen. Harry Raduege of the Deloitte Center for Cyber Innovation. “We must solve the attribution problem, because if we don’t know who is attacking us then we cannot impose measured consequences to deter or counter them. Our enemies have to know that we can cripple their critical networks if they threaten ours.”
So why does the government have to turn to the private sector for these resources?
“Industry dwarfs government in these things,” Cox said. “So the resources are mostly contracted. This partnership is likely to quickly expand into the defense industrial base.”
In addition, companies operating in the defense industrial base are already operating on the cutting edge of these developing technologies and place considerable resources to tracking evolving threats and developing countermeasures.
“You need national security companies … that really do understand the advance information technologies that go beyond the expertise that what is commercially available,” Visner said. “These companies combine their understanding of information technology with an understanding of the nation’s security.”
To that end, many companies have taken to opening cyber innovation centers. Back in May, Harris Corporation announced the opening of a cyber integration center within the Washington, D.C., area.
“We believe that there is an emerging cyber market which will have several fundamental differences from the current ways of fielding and servicing IT and IT services,” said Gen. Dale Meyerrose, vice president and general manager for cyber integrated solutions at Harris. “We think it starts with the secured platform, encompasses a supply chain integrity calculation and process and then … the same thing needs to be applied to data and applications while they’re in action.”
Harris is not the only company to deploy a cyber center, either. SAIC opened the Cyber Innovation Center to develop innovative solutions to cybersecurity problems facing the United States.
“We’ve opened up here a cyber innovation center … so that we can work collaboratively with our partners to understand cyber challenges and create innovations,” Cox said.
The government-contracting community also provides a ready and skilled workforce.
“The government-contracting community provides a strong asset to the U.S. efforts by providing an agile and ‘on-demand’ contractor workforce that brings the required skills and expertise,” Wince said.
Why They Fight
The United States is the most networked nation in the world. The country relies so heavily on the Internet that extended disruptions could cripple energy and financial sectors.
“The national security of our nation depends on freedom of action in cyberspace, whether we are talking about financial transactions, weapons systems, or personal privacy information,” said Vincent Mihalik, vice president of cybersecurity solutions at Wyle.
The men and women who devote their energies to fighting the battles in cyberspace often have significant experience working for the government, in the military, intelligence or civilian communities. Cyber professionals are analytical and able to place themselves into the role of an attacker while still remaining grounded in reality.
“When I think about the people that I have known, the ones who have been really effective cybersecurity guys, the first characteristic is they tend to have a devious mind,” said Lance Cottrell, chief scientist with Abraxas. “They are able to put themselves in the shoes of the attacker and look at the network as the enemy would look at the network and then think about how to protect it.”
No specific background is necessarily required for an individual to be a good cyber professional, which often requires looking beyond the realm of computer-science graduates.
“It’s more the ability to analyze data and very rapidly draw correlation and understanding and to see that big picture from a lot of small details,” Warden said.
Despite the bad rap contractors seem to receive in mainstream media, most are not self-serving profit seekers. Instead, they are working day in and day out to ensure the United States remains secure.
“This is an adversarial environment that we are in because, frankly, information-enabled capabilities are absolutely essential to any nation, enterprise or any activity that is of substance,” Osterholz said.
Cybersecurity has recently become an increasingly important component to the national security of the United States. More than a year ago, President Barack Obama announced cybersecurity was a top priority of his administration. This growing importance is not lost on the men and women who participate in securing the nation’s digital infrastructure.
“I see that as one of the greatest threats out there today,” said Mike Fraser, president of USIS’ security solutions division. “It’s important that we understand it and it makes me feel like I’m able to contribute to that and be part of something bigger.” Other cyber professionals similarly concur. Providing cybersecurity solutions to the government helps the government to go about its business, according to Wince.
“We do our job and provide cybersecurity services that protect government IT infrastructures and networks, so the government can do its job,” he said. “Knowing that KCG makes a difference is what motivates us.”
The knowledge that cybersecurity is important leads to a total focus on the mission, which is vital in an arena that shifts so rapidly.
“We are totally mission focused,” Varner said. “Our objective is to stay ahead of our adversaries so that we can best serve our government clients.”
The focus and devotion to securing the nation’s critical infrastructure is vital to the future of cybersecurity. As the threats continue to shift, the cyber warriors supporting the United States must adapt quickly.
“It’s the speed to detect and the speed to respond and the ability to anticipate and respond before it happens that are the keys to the future,” Hawkins said.