Building a National Firewall

Last week’s disclosure that 5 million gmail passwords may have been stolen only further underscores the seriousness of cyber-attacks on our digital infrastructure.

Gaining access to email accounts does not only mean hackers can view emailers’ vacation photos. It means that hackers can access any document, account information or confidential business correspondence contained in those emails. Such information can be a treasure-trove for hackers.

The latest hack attack comes on the heels of other breaches that threaten to undermine the functioning of everything from our financial institutions to power plants. The information highway has become critical to the functioning of the world’s economy, but hackers are having great success in creating digital roadblocks that threaten its viability.

In late August, reports surfaced that some of the critical systems of JPMorgan Chase, the nation’s largest bank, had been under assault from hackers for months. The sophisticated attacks, which some believe originated in Russia, involved hackers installing malware on the bank’s servers. The hackers were then able to penetrate deeply into the bank’s client and account data systems.

The JP Morgan attack was preceded by the spectacular theft of 40 million payment card numbers from retail giant Target and attacks on Bank of America and Citibank. Along with the Target credit card numbers, the cyber thieves obtained email and phone information.

The costs of the continuous assault on our digital infrastructure is having a significant impact on our nation’s GDP. Mcafee, a cyber security company, estimates that the cost of cyber attacks to the U.S. economy could shave off close to one percent of GDP. Identity theft alone costs Americans anywhere between $300 to $500 million a year. Corporations are seeing their intellectual property stolen and account information manipulated.

Private companies are investing hundreds of millions of dollars to counter the threat. JPMorgan has pledged to spend $250 million and hire 1,000 employees to fight the attacks. But most companies cannot keep up with the hackers’ incessantly increasing sophistication. Mckinsey Research showed that 80 percent of corporate executives said they feel that they cannot  keep pace with hacking attempts.

And even if companies exercise due diligence in protecting their own systems, the power of the internet is its easy ability to integrate millions of computer systems for information transfer. While JPMorgan’s systems may be safe, they are dependent on other institutions for many transactions —  banks for wire transfers, brokerage firms for counter parties, electronic markets for trading — all of which could be compromised and impact JPMorgan transactions.

In short, our nation’s electronic economy is under constant and concerted attacks, and the costs will only grow. According to research by Mckinsey and the World Economic Forum, the cost of cyber-attacks in impeding innovation and business growth could reach $3 trillion by the year 2020.

It is clear that private companies do not have the resources and know-how to fight this cyber-war that is being waged by professional cyber-criminals and terrorists, some with the backing of the governments of China and Russia.

National security is one of the key responsibilities of the federal government. Ever since 9/11 we have spent billions on protecting our nation’s physical infrastructure from attack. The Department of Homeland Security was formed to provide a central agency in the fight against terrorism. Protecting our electronic infrastructure is no less important. A cyber-attack attack on our electric grid and utilities would be a catastrophe, potentially costing countless lives as hospitals lose power, street lights go dark, and water- pumping stations cease to work.

Congress has been deliberating during the last several months on legislation that would encourage companies to share cyber-attack information with the federal government or industry. The legislation has the support of both parties, and backers of the bill are hopeful it will pass after the November election.

Such information sharing is a good first step, but it clearly falls short of the dramatic measures necessary to thwart the devastation cyber attacks can wreak on our nation’s economy and infrastructure. The DHS and the nation’s intelligence agencies must identify our nation’s critical digital infrastructure, whether in e-commerce, financial markets or utilities, and mandate the adoption of federally approved security standards. That could entail the implementation of new processes and the installation of security hardware and software — creating, in effect, a national firewall. Corporations or government agencies that fail to comply with the new measures would be taken offline with the same stringent penalties used for airlines that don’t follow TSA guidelines.

In addition, the president has to make it clear to China, Russia and any other nation where hackers are thriving that sanctions and harsh penalties will be meted out to anyone or any organization aiding or abetting the launching of cyber-attacks on U.S. networks. We can’t afford to continue our hodgepodge approach to protecting our digital infrastructure.