US outgunned in hacker war

March 30, 2012 | Source: Wall Street Journal

The FBI’s top cyber cop offered a grim appraisal of the nation’s efforts to keep computer hackers from plundering corporate data networks: “We’re not winning,” and the current public and private approach to fending off hackers is “unsustainable.”

His comments weren’t directed at specific legislation but came as Congress considers two competing measures designed to buttress the networks for critical U.S. infrastructure, such as electrical-power plants and nuclear reactors. Though few cybersecurity experts disagree on the need for security improvements, business advocates have argued that the new regulations called for in one of the bills aren’t likely to better protect computer networks.

Henry said companies need to make major changes in the way they use computer networks to avoid further damage to national security and the economy.

“I think we’ve lost the opening battle [with hackers],” James A. Lewis, a senior fellow on cybersecurity at the Center for Strategic and International Studies said, adding that he didn’t believe there was a single secure, unclassified computer network in the U.S.

High-profile hacking victims have included Sony and Nasdaq OMX Group Inc.

Testimony Monday before a government commission assessing Chinese computer capabilities underscored the dangers. Richard Bejtlich, chief security officer at Mandiant, a computer-security company, said that in cases handled by his firm where intrusions were traced back to Chinese hackers, 94% of the targeted companies didn’t realize they had been breached until someone else told them. The median number of days between the start of an intrusion and its detection was 416, or more than a year, he added.