WASHINGTON — A new study warns that the U.S. must develop cyber intelligence as a new and better coordinated government discipline that can predict computer-related threats and deter them.
The report by the Intelligence and National Security Alliance says the dramatic expansion of sophisticated cyber-attacks has moved beyond acceptable losses for government and businesses that simply threaten finances or intellectual property.
“The impact has increased in magnitude, and the potential for catastrophic collapse of a company has grown,” said the report, which is slated to be released later this month. It adds that it is not clear that the business community understands or accepts that.
The report comes amid growing worries the U.S. is not prepared for a major cyberattack, even as hackers, criminals and nation states continue to probe and infiltrate government and critical business networks millions of times a day.
INSA, a non-partisan national security organization, says the U.S. must develop strategies beyond the current “patch and pray” procedures, create cyber intelligence policies, coordinate and share intelligence better among government agencies and businesses, and increase research on attack attribution and warnings.
And it says the U.S. must develop effective cyber intelligence so officials can assess and mitigate the risks.
Many of the report’s observations echo sentiments expressed by Pentagon and Department of Homeland Security officials who have been struggling to improve information sharing between the government and key businesses. But efforts to craft needed cybersecurity legislation have stalled on Capitol Hill.
INSA’s report also lays out the growing threats from other nations — including those who are friendly, corrupt or just unable to control hackers within their borders.
While it doesn’t name the countries, it notes that failed states provide opportunities for hackers, as they do for criminals and terrorists, while other nations tolerate the criminals as long as they concentrate their activities beyond their borders.
U.S. officials have long pointed to Russia and China, as well as a number of Eastern European nations, as some of the leading safe havens for cybercriminals, or government-sponsored or tolerated hacking.
At the same time, the report warns that the U.S. has also outsourced much of the design and maintenance of computer technology to other countries where potential adversaries can easily insert themselves into the supply chain.
“The present situation is as dangerous as if the United States decided to outsource the design of bridges, electrical grids, and other physical infrastructure to the Soviet Union during the Cold War,” said INSA, which is headed by Frances Townsend, who was homeland security adviser in the Bush administration.
Much like the criticism of the overall intelligence community in the aftermath of the Sept. 11 attacks, the INSA report says that cyber intelligence needs better coordination among government agencies, as well as with the private sector.