It’s war!
Sandia Labs hit by 1.5 billion ‘cyber events’ every day
Cyber warfare is not a thing of the future, but a pervasive battle that’s well underway and growing at an alarming rate, according to John Zepper, Sandia National Laboratories’ director of computer and networking services.
Sandia faces 1.5 billion “cyber events” during every 24-hour cycle, Zepper told the Albuquerque Economic Forum on Wednesday.
That includes many benign incidents in which someone simply mistypes a password. But it also includes many direct attacks, such as fake “phishing” emails to get lab personnel to inadvertently download computer viruses and attempted break-ins on lab websites.
Every day, the lab’s computer specialists see 10 to 20 new types of cyber aggression they had not seen before, Zepper said.
“It’s real, it’s here and it’s here today,” Zepper told the forum.
Hacking attacks are impact- ing computer networks across the board, affecting businesses, government agencies and private individuals, Zepper said.
And the aggression is coming from a range of cyber criminals, including groups seeking to steal money or property, professional hackers trying to acquire trade secrets and other data, and foreign governments conducting espionage against other countries.
“Cyber bad guys are constantly looking at what you do and what you click on,” Zepper said. “They profile you to find out what your interests are to then get you to click on things.”
As of 2012, the Center for Strategic and International Studies in Washington, D.C., estimated that cyberattacks were costing businesses worldwide about $445 billion per year. U.S. firms alone are losing about $100 billion annually, leading to the loss of about 200,000 jobs a year, according to the center.
A number of high-profile cyber attacks since late 2013 have raised public awareness about cybersecurity and the dangers posed by
cyber criminals. That includes a breach of Target Corp.’s and Home Depot’s networks.
An attack on Sony Pictures in December led it to cancel release of the film “The Interview,” exposing the American public to the potential of true cyber warfare. The U.S. government said North Korea attacked Sony because its movie depicted the fictional assassination of North Korean leader Kim Jung-un, and that provoked a new round of U.S. economic sanctions against North Korea.
“The cyber domain is really becoming the fifth domain of conflict after land, air, sea and space,” Zepper said.
Moreover, hacker tactics are becoming much more sophis- ticated, with attackers frequently downloading malware to computer networks that are used to spy on businesses or government agencies for years.
Protecting networks requires constant vigilance and organizational agility to upgrade things as needed, Zepper said. Sandia, for example, does more than 1.5 million “patches” to its systems every year.
The lab is also working to develop new cybersecurity technology for commercial use. It recently created a program that will allow computers to generate virtual replicas of their hard drives that would act as decoys to absorb malware, thus blocking a virus from targeting the real hard drive. A California startup plans to market that product, with beta testing expected to begin this spring.
But the most sophisticated software still can’t protect networks against lax vigilance by computer users who fall victim to fake emails and scams, perpetuating system vulnerability.
“No matter what you do, you can’t stop people from clicking on things,” Zepper said.
Mark Fidel, president of the Albuquerque-based cybersecurity firm Computational Analysis & Network Enterprise Solutions who was at the forum session, said that probably won’t change until insurance companies refuse to pay for human error.
“When that happens, we could see a sea change in how organizations, corporations and government agencies manage their data,” Fidel said.