Trojans, Malware and Botnets got you down…?
“Duqu”, “Stuxnet”, “Zeus”, or some combination of all three - a “Super Trojan”, attacking your critical infrastructure? Who ya gonna call?
Cyber attacks are not just an odd jumble of names, but a favorite terrorist approach requiring an effective, comprehensive counter-offensive -- the kind of collaboration that EUCOM’s J9 Interagency Partnering Directorate champions. We advocate cross sector cooperation and interagency coordination.
Recently, Germany’s Ministry of Interior’s Federal Office for IT Security invited me and more than 130 other from more than 20 nations, including Israel, Estonia, Japan, Saudi Arabia, Russia and Norway, to observe its exercise that addressed cyberterrorism and explored collaborative solutions. The broad interest stemmed from the realistic scenario: cyber attacks on critical infrastructure. Each year 20 million new viruses are detected worldwide. Just five years ago that number was only 3 million per year. Botnets, malware, phishing, hacktivists: this is the language of today’s new security threat. The response to cyber attacks can consist of an equally obscure new language of honeypots and spam traps meant to frustrate or deceive botmasters.
Though the terms may be unfamiliar, the havoc they wreak unfortunately is not. We know that cyber attacks are employed not just for cyber crime (i.e. to access your bank account), but also to discredit national agencies and governments (i.e. the cyber attacks against Estonia and Georgia). It is incumbent on all of us to “know our enemy” to best defend against such attacks. The best means for doing so is for governments to regularly partner with academia and the private sector (i.e. with IT safety enterprises) to form a sort of cyber coalition.
Clearly, the defense against cyber attacks is much more than just a fight against malware. This is an area that calls for “whole of society” responses, involving national leaders managing situations in a comprehensive approach. Such an approach should involve law enforcement, businesses, international organizations such as the EU and NATO, the military and academia.
J9 is a “whole of society”-focused directorate. Notably, we are home to EUCOM’s critical infrastructure expertise. This team of engineers is conversant, for example, with the Global Information Grid (GIG), the terminus of transatlantic undersea cables, and Department of Defense-operated satellite facilities here in Europe, and we work to ensure the reliability of this infrastructure against cyber attacks so it can assist our own military missions. The Interagency Partnering Directorate is also charged with reaching out to academia and to the private sector. Recently, we have worked with private companies such as Cisco, McAfee and Symantec and with the Business Executives for National Security (BENS) to assist a NATO nation in bolstering its cyber understandings. Finally, the J9 hosts representatives from federal interagency partners including the Department of Homeland Security, the U.S. federal lead for cyber response. Those partners also include representatives from Departments of Justice, Energy, and State, among others.
All of us are interested in cross sector cooperation and comprehensive solutions. I believe, as demonstrated in recent exercises involving cyber crime, that “whole of society” coordination is indispensable. A good German phrase sums up our thinking: Uebung macht den Meister (“Practice makes perfect.”)