By Ruth Steinhardt
According to former Director of National Intelligence Dennis Blair, a simple web search can reveal information from thousands of unsecured devices. Even the casual browser can access camera data from Sweden, video game server activity in Eastern Europe or the output of American wind turbines.
This information is as easily accessible to terrorists and other criminals, said Adm. Blair, speaking Tuesday at the George Washington University Center for Cyber and Homeland Security’s annual strategic conference. And more will become available as the “Internet of things”—the collection of physical systems and devices connected to the Internet—grows in size.
“Overall, the ‘Internet of things’ will hurt [cyber security professionals] more than help us,” Adm. Blair cautioned. “It will make our jobs more difficult.”
Much of his audience intimately understood the problems he described. Experts from across the public and private sectors gathered at the conference, titled “Securing our Future,” to discuss the evolution and future of cyber, homeland and national security.
Every device on the “Internet of things” could be an “attack path” to the larger systems with which those devices are integrated, Adm. Blair warned. An unsecured power monitoring system in an individual household, for instance, could give a hacker access to its associated regional power grid.
The development of the “Internet of things” is fortunately slow enough that developers have time to address some of these issues, Adm. Blair said, “but not if security is an afterthought.”
The conference, as CCHS Director Frank Cilluffo pointed out, took place almost exactly five years after the death of Osama Bin Laden. That operation was a significant moment for security intelligence.
“Now is a good time to take stock of where we are, how the threat has changed and the capacities we need to develop to get ahead of the curve,” Mr. Cilluffo said.
Delivering the morning keynote, Deputy Secretary of Homeland Security Alejandro Mayorkas pointed out essential differences between cyber security and other law enforcement priorities.
While traditional law enforcement focuses on finding and punishing specific criminals, for instance, Mr. Mayorkas said that apprehending perpetrators “may be less important than ensuring that the victimization is not replicated” when it comes to cyber crime.
Unlike traditional law enforcement bodies, therefore, cyber security agencies can and must share information with each other, other agencies and the private sector, said Mr. Mayorkas. He said some of this automated data sharing was already taking place among government agencies.
For data sharing to truly be effective, however, Mr. Mayorkas said, government will have to partner with technological professionals and the private sector.
“The paradigm we want to establish is much more about sharing information,” he said.
Panels throughout the day were examples of the cooperation Mr. Mayorkas hopes for. Private sector professionals joined representatives from the Department of Homeland Security, the Transportation Security Administration and other government agencies for conversations on topics including cyber counterintelligence and preventing terrorist travel.
Any effective security strategy will have to surmount the post-Edward Snowden distrust between the technological community and the government, Mr. Mayorkas said.
“We have to work through our disagreements,” Mr. Mayorkas said. “We have to work through our distinct policy positions around critical issues and find a level of trust that allows us to protect one another and to protect the nation as a whole.”