SAN FRANCISCO—There is a specter of nation-state cyber-attacks against the United States, but with the right preparations, there is little to fear, according to former National Security Agency Director General Keith Alexander and Nadav Zafrir, former commander of Israel's 8200 Intelligence Unit (Israel's equivalent of the NSA).
Alexander and Zafrir took part in a session on April 20 at the 2018 RSA Conference here. Both men now work in the private sector, with Zafrir leading cyber-security incubator Team8 and Alexander running IronNet Cybersecurity.
Alexander started the session by giving his perspective on the looming threats that face the United States. He warned that Iran is already actively engaged in cyber-attacks in the Middle East, and it likely will attempt to attack the U.S. as well. Alexander is also concerned about Russian cyber-attacks against infrastructure.
Alexander sees a different type of cyber-attack coming out of China. Rather than attacking infrastructure, China is stealing intellectual property from American companies, and the long-term impact is likely larger than any cyber-attacks coming from Russia and Iran, he said.
Zafrir warned that given the risks, we are now at a critical point in human history where the foundations of how modern civilization itself works is at risk, especially as attackers take aim at the electrical grid and financial markets.
"If we don't have faith in the electric grid or the financial system, we will head back to the Dark Ages," Zafrir said.
The Hyperconnectivity Hockey Stick
In Zafrir's view, since 2007, the world has been in a period of expanding hyperconnectivity thanks to smartphones, the cloud and social networks. The hyperconnectivity situation of exponential growth has also enabled attackers to do a better job of following the curve, according to Zafrir.
"The curve has created more opportunities for attackers as the attack surface has been exponentially growing," he said. "Defense has not gotten better at the same pace."
Part of the challenge is that the modern internet is not a single network, but rather a network of networks, meaning no one group or company can defend it all, or even have all the information to defend against a massive attack, Zafrir said.
Alexander added that currently every organization is seemingly on its own and there is a clear need for better information sharing between the government and the private sector. When it comes to air traffic control, there is an integrated system that facilitates travel, and there should be a similar type of integrated approach to coordinating cyber-defense, he said.
Zafrir's cyber-security incubator backs a number of different companies, including Illusive, which is a cyber-deception vendor. Zafrir said that attackers are actually at a disadvantage because they don't know what is supposed to be on a network.
"We know where the battle will take place," he said. "It will happen on our network, and we should know our network better than attackers."
The role of technology in modern society is not about creating secure networks, according to Zafrir. Technology is about enabling interaction, communication and innovation that enable humans to be more productive.
"At the end of the day, it [technology] has to be about people having trust and optimism," he said. "Sharing information, computing and the cloud will make us better in every aspect of life."
Alexander echoed Zafrir's statement and noted that the private and public sectors can be better than the cyber-adversaries that would do us harm.
"Together we can secure our networks and our nations," Alexander said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.