Here's What The US Has To Do To Prevent Massive Cyberattacks
Greg Martin, the founder and CTO of ThreatStream, is an expert in the field of threat intelligence and threat prediction and is a former cybersecurity advisor to the FBI, Secret Service and NASA.
Imagine this scenario: a regional US bank is hit with “wiper” malware that destroys data on its hard drives and renders a significant number of computers unusable.
As a result of the attack, the bank is forced to suspend online or branch operations for several days.
Customers can’t access their money. Businesses aren’t able to process transactions.
Now imagine the attack doesn’t just stop at one regional bank, but spreads to the entire US banking system.
There’s a reason why President Obama recently announced a new legislative proposal to make it easier for the private sector to share cyber threat information with the government — and why he is promoting it in his State of the Union address.
Every year, hacking is becoming more sophisticated, more dangerous and harder for companies (and even governments) to stop. US companies and government agencies are targeted every single day by hackers from around the world, and they can’t prevent every attack.
Years ago, the typical hacker was a teenager operating from a home PC and the attacks were mostly limited to pranks and vandalism.
Today, these attacks are increasingly carried out by two types of highly dangerous groups: organized crime rings, which make millions each year by stealing from or extorting businesses, governments and consumers, as well as by selling the malware itself; and state-sponsored hackers who target businesses, governments and critical infrastructure as part of a geopolitical confrontation or outright cyberwar, or for cyber-espionage purposes in order to give one country a military or economic advantage over another. In the case of state-sponsored groups, they may have bigger budgets than the companies they’re trying to hack.
Preventing these attacks isn’t easy, and there’s no such thing as a “silver bullet.” But if a company or government agency knows ahead of time how it is likely to be hacked, that gives it a crucial advantage when defending against a sophisticated hacker. And that’s basically all that cyber information sharing proposes to do: take evidence or clues from one attack and use them to protect everyone else.
For example: if oil refinery A notices someone is trying to hack it, it can ascertain the IP address(es) linked to the attacker, routing information, any type of malware being used, software bugs exploited by the hacker, etc., and pass that information along to the Department of Homeland Security, which will in turn pass it on to other companies so that refineries B, C and D aren’t also hacked.
This information is sort of like the fingerprint of the attacker. At the risk of mixing metaphors, this is the cyber equivalent of vaccinating a company against a specific threat.
The President’s prioritization of cyber information-sharing isn’t a knee-jerk reaction to the massive Sony hack, which has since been attributed to North Korea. This has been on the legislative agenda for some time; it has just failed to get enough support to pass. Obama first proposed this reform back in 2011, and bills supporting information-sharing have been filed in Congress every year since.
Reviewed by Unknown on 1/28/2015