Online security threats have taken a new, darker turn in the past few years.
Instead of script kiddies and credit-card hackers, the dominant threats now are government-backed entities using sophisticated tools to steal corporate secrets, blueprints, and code. And a growing number of threats — also backed by various national governments — are targeting civilian infrastructure, such as water supplies, power plants, and more.
“What once was the hacker in the basement … has evolved dramatically. We’re now seeing a tremendous amount of terrorist activity, nation-state-funded cyber attacks … a lot of it for intellectual property gain,” said David DeWalt, a longtime computer security executive.
Additionally, with the rise of cloud-based solutions, a whole host of new threats have emerged, aimed at online infrastructure.
“Their readiness is very poor,” DeWalt told me, referring to cloud providers as a whole. More mature software-as-a-service providers, in general, have better protection, while newer companies are typically less ready, he said.
DeWalt engineered the $7.68 billion sale of security company McAfee to Intel in 2010. He stepped down as chief executive of McAfee in 2011 and remained on the company’s board until last month. He’s now chairman of the board for two security companies, Mandiant and FireEye, sits on the boards of Jive Software and Delta Airlines, and is a member of the President’s National Security and Technology Advisory Council. With a high-level security clearance and years of experience in the security field, it’s safe to say that DeWalt has an excellent overview of the security picture.
Of course, like any vendor of security solutions, he’s also got a stake in painting a dire picture of the threats facing us, the better to encourage you to buy protection. But DeWalt makes a convincing case that the nature of global cybersecurity threats has shifted in the past few years.
“Now we’re seeing a lot of new stuff … attacks on the energy grids, attacks on intellectual property. It’s just scaled dramatically,” DeWalt said.
As evidence, he points to the string of major attacks that have hit the news in the past few years: Operation Aurora (in which 150 tech companies, including Google, were hit by cyber-thieves stealing source code); Night Dragon (an attack aimed at getting mineral rights bid information from 70 energy companies); Operation Shady Rat (which targeted 75 food, drug, and life science companies); Stuxnet (a virus, probably created by the U.S. and Israel, aimed at disrupting Iran’s nuclear-material refining processes); Flame; Duqu; and more.
“It’s going on now,” DeWalt told me. “It’s just that the public has a tolerance for it.”
As for infrastructure like power grids and transportation, DeWalt says their vulnerability is a side effect of their increasing connection to digital networks.
“Everything’s digital, and everything that’s digital can be attacked through a cyber attack,” he said. “That’s what keeps the good guys in the security industry awake at night, is the possible 9/11-like scenarios that could exist out there. We have to do everything in our ability to prevent that from happening.”
DeWalt joined the board of FireEye because he was impressed with the company’s approach to threat detection, which is not based on the signatures or filters that older technologies use.
“FireEye came up with a whole next-generation model that leverages virtual machines and virtualization technology, writing advanced heuristical algorithms instead of signatures, and really managing it with next-generation technology.”
Detection rates are higher with FireEye, DeWalt says, and it is able to identify attacks on their “zero day,” rather than having to wait until signature updates and security patches are deployed, as with other types of threat detection.
Check out my whole interview with DeWalt in the video below.