
US Defense Secretary Panetta and the cyber Pearl Harbor

Oct 16, 2012 by Martin Kuppinger

At the end of last week, US Defense Secretary Leon Panetta gave his first major speech on cybersecurity. The speech was given during the Business Executives for National Security meeting in New York. It gained some attention in the news. This concept wasn’t entirely new, as Jon Oltsik pointed out in a post – back in 1998 Deputy Defense Secretary John Hamre cautioned the U.S. Congress about the same topics, using the term “cyber Pearl Harbor” back then as well. On the other hand, in March 2012 the US Cyber Chief talked about a tide of cyber criminality. And even though I stated that “tide” appears to be the wrong term despite the lack of an ebb tide, that also showed that this issue is increasingly well understood.

On the other hand, Jon Oltsik claims that “almost nothing” had been done since 1998 to actually improve cybersecurity readiness in the critical infrastructure. I disagree with his point. A lot has been done. But we didn’t manage to close the gap between the threats and the cybersecurity readiness. This gap might even have become bigger. When I look at what various governments like the U.S. government or the German government and multi-national institutions like the EU are doing, I see that they have started investing. They also, like other organizations, have understood that this is an immense risk. But things are moving slowly, which is no surprise when governments are involved.

The biggest issue, however, isn’t the governments but all the providers within the critical infrastructure, from utility companies to financial institutions and their technology providers. Back in 2010 I wrote a post titled “Is an insecure smart planet really smart?”. That’s where the big problem is: there are far too many initiatives around making the world “smarter”, which either totally ignore security or underestimate the role security plays in being smart. This is not only true for the big initiatives, but also for industry automation and, maybe even more, for automation within households.

It is important to understand that addressing the threat Panetta described is not only a task for governments. It is a task for every single organization. When looking at Stuxnet and Duqu, some organizations far away from the real targets became an attack target as an intermediary step. We need to rethink our security and to become much better at that.


Author info

Martin Kuppinger
Founder and Principal Analyst
KuppingerCole Blog