Cyberthreats: U.S. under attack every day, virtually

Washington, D.C. – In the post-9/11 world, Susan Brenner, an NCR professor of law and technology at the University of Dayton, worries about terrorists using cybercrime for their own purposes. This week, Defense Secretary Robert Gates told CBS News that the United States is “under cyber-attack virtually all the time, every day” and that the Defense Department plans to more than quadruple the number of cyber experts it employs to ward off such attacks. This is not your grandma’s Internet.

U.S. citizens have lost over $400 billion to cybercrime, according to FBI estimates, and less than a third of cybercrimes are actually reported. The cyberhordes are not at the gates, yet, but some people believe that we need a wake-up call before it is too late.

Susan Brenner is a member of the American Academy of Forensic Sciences, American Bar Association’s International Cybercrime Project and the U.S. Department of Justice’s National Forensic Science Technology Center Digital Evidence Project. She has served on the National District Attorneys Association’s Committee on Cybercrimes and two Department of Justice digital evidence working groups. She addressed cyber-terrorism at the NATO Advanced Research Workshop on cyberterrorism. Her cybercrimes Web site, law.udayton.edu/cybercrimes, was featured on “NBC Nightly News” and she’s often quoted by national media about cyberlaw issues. She has also written a book called, “Cyberthreats: The Emerging Fault Lines of the Nation State,” published recently by Oxford University Press, that outlines the threat facing the nation.

“With cyberthreats, it is difficult for the attacked to know the identity of the attacker or to determine the nature of the attack – whether war or crime or terrorism. If we don’t know who is attacking, how do we counterattack? If we don’t know whether the attack is a crime or an act of war, we don’t know whether to use the police or the military,” says Brenner, noting that the enemy is often invisible and that geography becomes irrelevant.

Brenner cites a 2007 two-week digital attack on the country of Estonia, initially believed to originate in Russia, as evidence of the kind of attacks that can shut down government sites and financial institutions and knock out electricity. She believes the U.S. needs to develop a new approach for dealing with cyberthreats and protecting cyberspace.

Among her suggestions are better integration of military and law enforcement information sharing and collection about actual or suspected attacks. Two organizations – the U.S. Secret Service’s Electronic Crimes Task Forces and the FBI’s InfraGard program – already do this, but more needs to be done to create greater cooperation. Brenner would also like to see civilians encouraged to become more involved, and encouraged to blow the whistle on cybercrime. The FBI believes that only one-third of cybercrimes are actually reported and that they cost U.S. citizens about $400 billion a year. More controversially, she recommends the creation of a new federal agency, Cyber Security Agency, to respond to cyberthreats.

The “cyber-vandals” are not at the gate, and “we are not the Roman Empire in the early fifth century A.D.,” but Brenner is sounding the alarm with her book. “I may be wrong, but I suspect the challenges emerging in this area are analogous to pre-shocks that signal an impending earthquake,” she said.