By James Irwin
Cyberspace is a battlefield that must be contested, former Central Intelligence Agency Director David Petraeus said Wednesday.
“There is a whole new dimension of warfare—along with ground, sea, air and space and subsea, you now have cyberspace,” the retired four-star general said at the annual Defensive Cyber Operations and Intelligence Conference. “This is a domain, this is a new battlefield, and it cannot be uncontested space for the enemy.”
Speaking at the beginning of the two-day summit held at the George Washington University, Mr. Petraeus—former commander of U.S. Central Command and coalition forces during the Iraq War—identified several threats in cyberspace. Chiefly among them: the Islamic State in Iraq and Syria, which has emerged as a major cyber security risk in recent years.
“I think the distinguishing feature between the Islamic State and say, Al Qaeda, is really the ability ISIS has demonstrated in cyberspace to use it for recruiting, to share tactics and techniques,” Mr. Petraeus said. “That has proven to be a very deadly capability in the hands of those individuals.”
In a 20-minute conversation with DCOI founder Gabi Siboni, a senior research fellow at Tel Aviv University’s Institute for National Security Studies, Mr. Petraeus highlighted efforts to contest ISIS in cyberspace. The U.S. opened a series of computer-network attacks against ISIS this spring. Social media companies, including Facebook and Twitter, have worked to block terrorist content and suspend accounts on their respective platforms.
Mr. Petraeus also weighed in on the privacy-security debate raised this winter over the FBI’s legal fight against Apple to unlock the iPhone used by an assailant in last year's San Bernardino attack.
“I get asked about the Apple issue a fair amount,” he said. “I don’t believe the government should compel an IT firm to create a backdoor for the government to get what otherwise would be inaccessible. I think that’s bad from all respects—bad for privacy, the vulnerability it creates. Having said that, I also firmly believe that the U.S. intelligence community should be able to crack any encryption on any device that is out there. I don’t think this is mutually exclusive.”
Many vulnerabilities in information sharing are due to human error, said Frederic Lemieux, co-founder of the GW Cyber Academy. (Logan Werlinger/GW Today)
The human factor of information sharing
Proper information sharing plays a key role in the future of cyber security—from national defense to the protection of consumer information in retail—said Frederic Lemieux, co-founder of the GW Cyber Academy, which provides degree programs, training and applied research within the College of Professional Studies.
Many vulnerabilities in the practice are due to human error, he said Thursday in a panel discussion moderated by Connie Peterson Uthoff, assistant program director of GW’s Strategic Cyber Operations and Information Management program.
“Most of the problem is due to human behavior and human nature, it’s not necessarily a question of technology,” said Dr. Lemieux, who serves as director of GW’s Cybersecurity Strategy and Information Management program. “Human nature can help, but it also can present an obstacle. Human factors affect the information exchange and not just in cyber security.”
GW Center for Cyber and Homeland Security (CCHS) Director Frank J. Cilluffo agreed with Dr. Lemieux. CCHS carries out policy-relevant research and analysis on homeland security, counterterrorism and cyber security issues.
Technology is important, Mr. Cilluffo said, but trust underpins efforts in information sharing. The United States has 16 critical infrastructures and though each has its own information sharing and analysis center, not all are equal when it comes to information sharing. Financial services is likely the furthest along, Mr. Cilluffo said, followed closely by the energy sector, communications and defense.
“[Companies in the financial sector] have been targets for an awfully long time, so they’ve seen the need to be able to share with one another,” he said. “Once you get through those top sectors, though, it drops off pretty dramatically. In the retail sector—in water, unfortunately. You can’t say with consistency how far along [water] is in terms of information sharing and cyber security efforts at large.”
NSA Director Michael Rogers said solutions to cyber threats must come through cross-sector and multinational partnerships. (Logan Werlinger/GW Today)
‘Cyber does not recognize geography’
National Security Agency Director Adm. Michael Rogers—who spoke at GW a year ago on the need for government and private sectors to share information—closed the conference with timely remarks on the global nature of cyber security.
“It’s important we remember that,” he said. “Multiple nations are dealing with similar threats. The same activities you see in the United States, you see in other nations around the world. Cyber does not recognize geography.”
Solutions to cyber threats must come through cross-sector and multinational partnerships, Adm. Rogers said. He has yet to find a single piece of technology, a single group or a nation that has all the answers.
“Cyber is all about the power of partnerships—our ability to bring together the government and private sector and partner across borders to deal with this challenge,” he said. “We’re watching the world around us fundamentally change, and the challenge for all of us is how do we recognize that change, acknowledge it, anticipate it and get ahead of it.”