A cybersecurity breach at intelligence think tank Stratfor over the weekend struck close to the central point of debate over how to secure domestic networks, Josh Smith wrote in the National Journal today.
Smith wrote that this debate “has revolved around the division between government and private sector security,” where businesses want more cybersecurity protections, but largely do not want the government regulating and protecting private networks and information.
The issue is particularly relevant to companies who have access to classified government information or help protect, manage or operate infrastructure critical to national security.
Although it does not exist to work with classified information, Stratfor keeps close ties with government agents, international corporations, contractors and other major players in national security and defense.
Anonymous, the loosely assembled group of hackers who has claimed responsibility for the breach, released a list of company clients that included the Defense Department, Lockheed Martin, Los Alamos National Laboratory and the United Nations, the New York times reported Dec. 25.
While an Associated Press report found Anonymous was most likely unable to steal proprietary information from any Stratfor customer, sensitive information could still have been compromised.
A declared spokesman for Anonymous wrote in an online post that the “wealth of (stolen) data includes correspondence with untold thousands of contacts who have spoken to Stratfor’s employees off the record over more than a decade.”
Some defense contractors and the government recently participated in a pilot program where they shared cybersecurity information and Congress will soon consider a bill that will formally allow cyber exchange between more private sector companies and the government.
But, the Stratfor breach has some questioning if more drastic measures are needed to shore up domestic networks, including the possibility of more direct government involvement.
“When you have a major firm specializing in cybersecurity getting hacked this way, it gives you an idea of how difficult this problem is and how much ground still needs to be covered to better secure our cyber networks,” Rep. Jim Langevin, D-R.I., said in an e-mail to National Journal.
Smith noted an October Symantec and National Cyber Security Alliance report that found that although the majority of cyber attacks are on small businesses, most companies with fewer than 500 employees are unprepared to handle a cyber attack.
“The scary thing is that no matter what you do, every system has some level of vulnerability,” Jerry Irvine, a member of the National Cyber Security Task Force told the New York Times. “The more you do from an advanced technical standpoint, the more common things go unnoticed. Getting into a system is really not that difficult.”