Cyber expert speaks on cyber security risks for nation, individuals and businesses
Frank Cilluffo, a globally renowned cyber expert and head of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, answers questions below on the cyber threats we face as a nation as well as those targeting individuals and businesses.
1. What is the biggest cyber threat that our nation faces, and what should we be doing to combat this?
“The threat comes in various shapes, sizes and forms. They range from nation-states, to criminal enterprises, foreign terrorist organizations, business competitors and hacktivists and script-kiddies. Just as diverse as the threat actors themselves is the wide variance in their intentions, capabilities and the tools they deploy. At the highest end of the spectrum lie advanced persistent threats. These include nation-states with sophisticated capabilities and demonstrated intent to harm the United States and its allies. China and Russia top the list. Having said that, Iran and North Korea are getting more and more aggressive; and both of these countries make up in intent whatever they may lack in the way of capability. In terms of recalibrating our response to this wide range of threat, a first order of business calls for shifting from a reactive to a more proactive posture. Business as usual–constantly swatting down the crisis or backfilling the vulnerability du jour–is doomed to failure. As of now, and likely for the foreseeable future, the initiative remains with the cyber attacker. They will continue to have first-mover advantage over the defender. It is increasingly clear that we cannot simply ‘firewall’ or defend our way out of this problem. A more forward-leaning posture that is supported and underpinned by similar strategies and tactics is needed. For too long, our cyber-adversaries have had the run of the field, without the imposition of timely and significant consequences designed to discourage further malicious activities directed against the United States. Indeed, a robust deterrence strategy has been the primary element missing from the U.S. toolkit to date.”
2. How big of a threat is Iran to the U.S. in terms of cyber warfare?
“In recent years Iran has invested heavily in their cyberwarfare capabilities and has demonstrated a willingness to flex their cyber muscles. The recent indictment of Monica Witt also underscores the significance of the 'insider threat' and that Iran has combined traditional (human) espionage with cyber means to enhance their impact. In recent years, Iran has been behind a string of significant cyber attacks in the Gulf region, notably Saudi Arabia and UAE. One can surmise that they are using these targets as practice fields to refine their tactics and techniques that can subsequently be aimed at U.S. targets. More specifically, Iran has been very active in terms of targeting the energy sector, as well as the financial services sector and even U.S. dams. It should be assumed that they have done the cyber equivalent of intelligence preparation of the battlefield–or surveilled and mapped our critical infrastructures. This focus on critical sectors–taken together with Iran's hostile (and sustained) intent–makes the country a significant and growing threat, both in terms of destructive and disruptive attacks and from a counterintelligence perspective.”
3. How is Auburn's Charles D. McCrary Institute for Cyber and Critical Infrastructure Security advancing cyber security initiatives within the U.S. and beyond?
“The McCrary Institute seeks practical solutions to real-world problems, underpinned by research and scholarship. Our principal focus is on the intersection between cyber security and the so-called "lifeline" sectors–meaning the most critical of our infrastructures, such as the power grid. The Institute fuses theory with practice, and policy with technology. Our approach and solutions are designed to enhance security across the public and private sectors.”
4. Beyond the topic of national security, what's the latest cyber threat posed to individuals and/or businesses?
“The private sector never expected to find itself on the front lines of the cyberwar. Yet, adversaries such as Iran have targeted banks and other companies representing critical sectors for the United States (and other countries, too). Understandably, attackers will tend to go after ‘lower-hanging fruit’ rather than more hardened targets on the government/military side. But companies form the foundation of the nation's economic competitiveness, and theft of intellectual property is currently a major and concerning issue.”
5. What tips would you suggest for members of the public to protect themselves against hackers?
“Cyber security is everyone's business. Individuals need to arm themselves with knowledge, take advantage of available resources and, frankly, use common sense in cyberspace. Keep in mind that phishing is still involved in the vast majority of cyber breaches–at least on the front-end of most campaigns. As a nation, we also need to integrate cyber security into our curricula, starting at K-12–and in fact, Alabama is a leader in this area, as the state is poised to introduce the country's first magnet high school/program in cyber security and engineering–through higher education. Public/private partnerships are also important and these in turn require a highly skilled cyber workforce. Here, the state of Alabama, Auburn University and the McCrary Institute can each help to make a real difference in the form of a lasting and meaningful contribution to U.S. national and economic security and competitiveness.”
Auburn University is a nationally ranked land grant institution recognized for its commitment to world-class scholarship, interdisciplinary research with an elite, top-tier Carnegie R1 classification, life-changing outreach with Carnegie’s Community Engagement designation and an undergraduate education experience second to none. Auburn is home to more than 30,000 students, and its faculty and research partners collaborate to develop and deliver meaningful scholarship, science and technology-based advancements that meet pressing regional, national and global needs. Auburn’s commitment to active student engagement, professional success and public/private partnership drives a growing reputation for outreach and extension that delivers broad economic, health and societal impact.