In my class, “Fight the Internet Bad Guys and Win,” I play a video featuring former executive assistant director of the FBI Shawn Henry.
Henry specialized in computer crime and cybersecurity investigations, and is widely regarded as a top-level expert in the fields of computer and Internet safety and security.
After 24 years with the FBI, Henry announced his retirement in 2012 and, in an interview with the Wall Street Journal, offered sobering comments about the war on cybercrime. “We are not winning,” Henry stated. “We’ve been playing defense for a long time. …You can only build a fence so high, and what we’ve found is that the offense outpaces the defense, and the offense is better than the defense.”
Fast-forward four years, and the landscape, for all practical purposes, is not dramatically different. Some areas have improved, some have gotten worse.
Last year, countless millions of personal accounts and records were breached, hacked, stolen and otherwise exploited, data entrusted to agencies and companies like the U.S. government’s Office of Personnel Management, health insurer Anthem, Ashley Madison, the Internal Revenue Service, Experian, T-Mobile, Home Depot, eBay, JP Morgan Chase, Oregon Department of Veteran’s Affairs, Hyatt Hotels, Safeway stores, Toyota Motor Credit Corporation, Georgia Secretary of State, and Amazon, among others.
This year, alone, the Democratic National Committee, Verizon, Premera Blue Cross, Snapchat, MySpace, Illinois online voter registration portal, Oklahoma Department of Public Safety, Midfirst Bank, Cici’s Pizza, City College of San Francisco, Childrens National Medical Center, Kansas Heart Hospital, Stanford University, Spotify, Catholic Archdiocese of Denver payroll system, and many more, have joined the shameful ranks of those who can’t seem to keep anything secret.
One example of good things happening among the bad are recent efforts of the FBI. More than any other federal agency, the FBI seems to “get it” when it comes to cybercrime and security. “The threat is incredibly serious—and growing,” states the FBI website. “Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated. Our nation’s critical infrastructure, including both private and public sector networks, are targeted by adversaries.”
“American companies are targeted for trade secrets and other sensitive corporate data, and universities for their cutting-edge research and development. Citizens are targeted by fraudsters and identity thieves, and children are targeted by online predators.
Just as the FBI transformed itself to better address the terrorist threat after the 9/11 attacks, it is undertaking a similar transformation to address the pervasive and evolving cyber threat. This means enhancing the Cyber Division’s investigative capacity to sharpen its focus on intrusions into government and private computer networks.”
Of course, all this “enhancing” translates into “we need more money.” Like it or not, fighting the Internet bad guys costs money; lots of money.
This reality has, for the most part, been lost on Congress, as they, like many typical computer users, don’t seem to take the problem seriously.
Still, regarding computer and network intrusions, the FBI states, “The collective impact is staggering. Billions of dollars are lost every year repairing systems hit by such attacks.
Some take down vital systems, disrupting and sometimes disabling the work of hospitals, banks, and 9-1-1 services around the country.”
“Who is behind such attacks? It runs the gamut—from computer geeks looking for bragging rights, to businesses trying to gain an upper hand in the marketplace by hacking competitor websites; from rings of criminals wanting to steal your personal information and sell it on black markets to spies and terrorists looking to rob our nation of vital information or launch cyber strikes.”