Tags: ddos attack | dyn | cyber defense | government

We Need a National Cyber Defense Agency

We Need a National Cyber Defense Agency

U.S. President Barack Obama signs an executive order promoting private sector cybersecurity information sharing after speaking at the White House Summit on Cybersecurity and Consumer Protection at Stanford University in Palo Alto, California on February 13, 2015. (Nicholas Kamm/AFP/Getty Images)

Monday, 31 October 2016 04:04 PM Current | Bio | Archive

If you’re like most Americans, the idea that our country doesn’t have a unified cyber defense agency is about as unthinkable as a presidential contest between Donald Trump and Hillary Clinton.

Welcome to the desert of the real.

Our cyber defenses are scattered across three agencies that don’t always communicate well (a generous appraisal) or in a timely fashion, and we’ve never been more vulnerable. As Ronald Reagan (quoting John Adams) famously said during his address to the 1988 Republican National Convention, "Facts are stubborn things."

On October 21, there was a cyber attack in the United States. At least two "cause hacking" organizations have taken credit for it. If it had been conducted by state-sponsored hackers, it would have been an act of war. How many of your friends and family know about it? A lot, if they only knew how it affected them.

A distributed denial of service attack (DDoS) at around 7 a.m. EDT targeted servers belonging to a company called Dyn, causing severe disruption of Internet traffic to major sites, including Amazon, PayPal, Reddit, Twitter, Tumblr, Verizon, Pinterest, Etsy, Spotify, Comcast, HBO, and even Playstation; the first attack was followed by at least two more attacks.

A Dyn statement said: "this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses." The way this attack was perpetrated matters. Targeted here were Internet of Things (IoT) devices wrangled together in a botnet that took advantage of weak default passwords set by their manufacturers. These connected and interconnected items (think home routers, smart televisions and security cameras to name a few) were infected with malware and then triggered to send a staggering amount of traffic to select servers in order to overwhelm them and ultimately shut them down.

This is way beyond inconvenience. In 2012, a DDoS attack took out the websites of JPMorgan Chase, Bank of America, Wells Fargo, Citigroup, and other financial companies.

Imagine for a moment that the October 21 DDoS attack had been a test conducted by state-sponsored hackers — and consider, if you will, the possibility that those hackers were gaming a bigger plan — one targeting critical infrastructure such as our power grid, the banking system, our weapons systems, or one designed to disrupt our elections.

Why It Matters

The 2015 attack on the Office of Personnel Management, the human resources department for the United States, where 21.5 million files, containing the personally identifying information of, and deep background investigative reports on, top current and retired national security players and their families, were grabbed should be reason enough to focus serious resources at the problem of our national cyber security.

A more recent attack, equally troubling no matter your political outlook, is the hack of Democratic National Committee emails. We are living in a world where hackers have the capability to disrupt our elections, put key military assets in danger, and shut down our financial institutions.

As things stand currently, the NSA is responsible for protecting national security systems and the DHS takes care of all other security systems. The FBI’s job is to investigate cyber crimes.

Because each agency has to enlist one or both of the others to help, the process can be slowed down, which means precious leads can go cold and clear and present dangers can unfold without an optimal defense.

Three Agencies Need to Be One

On October 18, NSA Deputy National Manager for National Security Systems, Curtis Dukes, gave a speech at the American Enterprise Institute detailing two years worth of cyber attacks. During the Q&A, he stated that it was time for a more unified approach to our cyber defenses.

“I am now firmly convinced that we need to rethink how we do cyber defense as a nation,” Dukes stated, saying that parts of the response teams at the FBI, NSA, and DHS might be combined under one authority to both improve reaction time during a cyber attack and oversee our nation’s defenses against future attacks. He pointed to the UK’s National Cyber Security Centre, which currently approaches cyber in this way.

In a different setting, a call for a three-in-one approach would start a heated discussion about the need for the separation of Church and State, but the three-in-one proposed here requires no mystery and no Holy Ghost. In fact, the only mystery is why we still don’t have an agency dedicated to cyber defense.

Adam K. Levin is a consumer advocate with more than 30 years of experience and is a nationally recognized expert on security, privacy, identity theft, fraud, and personal finance. A former Director of the New Jersey Division of Consumer Affairs, Levin is chairman and founder of IDT911 (IDentity Theft 911) and co-founder of Credit.com. Levin is the author of Amazon Best Seller "Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves." Read more of his reports — Go Here Now.

© 2019 Newsmax. All rights reserved.

1Like our page
If you’re like most Americans, the idea that our country doesn’t have a unified cyber defense agency is about as unthinkable as a presidential contest between Donald Trump and Hillary Clinton.
ddos attack, dyn, cyber defense, government
Monday, 31 October 2016 04:04 PM
Newsmax Media, Inc.

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

America's News Page
© Newsmax Media, Inc.
All Rights Reserved