Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Don't use terrorism as model to analyze cyber threats: ISA head

Reprints

WASHINGTON — Terrorism is not the right model to use in analyzing the cyber threat, according to the head of the Internet Security Alliance, an Arlington, Virginia-based trade association.

During remarks delivered at Business Insurance’s inaugural Cyber Risk Summit in Washington on Thursday, ISA President and CEO Larry Clinton said that although there have been terrifying scenarios involving cyber terrorism, such as a cyber attack that releases a toxic chemical cloud over a metropolitan area, the federal government’s National Intelligence Estimate has held that the likelihood of a catastrophic cyber terrorist attack are low.

That’s because only China or Russia could do so, and there is nothing for them to gain — and much to lose — if either launched such an attack, he said.

Instead, cyber security should look at what Mr. Clinton called the “real modern cyber threats.” These attacks are launched by either criminals or nation states, Mr. Clinton said during a panel discussion on whether U.S. business and industry are targets of cyber terrorism. Ninety-five percent of such attacks are financially motivated, he said.

And the attackers are getting better, said Mr. Clinton. “The economics of cyber security all favor the bad guy,” he said. A cyber attack is cheap and profitable, while defense is hard because it’s post-fact and hard to show as a return on investment, he said.

“We’re seeing a ton of breaches,” said Jake Kouns, chief information security officer of Richmond, Virginia-based consultant Risk Based Security Inc. He said 822 million records were compromised in 2013. He added that part of the problem is that “there’s bad software that’s being continued to be written,” thus increasing vulnerabilities.

But Mr. Kouns also pointed out that squirrels have caused power outages in every state except Hawaii, far more than have been caused by cyber attacks.

Simply building firewalls against cyber attack is not enough, said Jon Iadonisi, CEO of Alexandria, Virginia-based White Canvas Group, which creates technologies and training services. Instead, security requires a holistic approach that looks at both people and technology, he said.