Companies Increasingly Face Nation-State Cyberattacks

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Joyce E. Cutler

Addressing an exploding number of nation-state cyberattacks is sapping the resources of companies, cybersecurity professionals say.

Nation-state attacks on corporate assets used to be infrequent, but now companies sometimes feel like they are on the front lines of a cyberwar, panelists at the Global Cyberspace Cooperation Summit at the University of California, Berkeley said. Even though cybersecurity defense can distract companies from their primary missions, planning and investment in resources is crucial, they said.

Microsoft Corp. spends $1 billion on cybersecurity, a lot of money except when compared with how much money countries are spending on offensive weapons, Paul Nicholas, Microsoft Inc.'s trustworthy computing senior director, said. “You’re entering into a new phase that more and more private sector companies are being put on the front line,” Nicholas, a former White House cybersecurity director, said.

Faced with that reality, companies have to treat investments in cybersecurity as they would investments in financial assets, Michael Chertoff, former U.S. Homeland Security secretary, told Bloomberg BNA. “It’s mission critical,” he said.

Attacks Fast, Furious, Expensive

Today, defensive spending is siphoning money and attention at corporations and enterprises, Bill Woodcock, a commissioner on the Global Commission on the Stability of Cyberspace, said.

When Woodcock started working on networks 33 years ago, attacks came occasionally by nation states.

“Today that happens millions of times each second. This is a problem the private sector faces in increasingly burdensome form as time goes on,” Woodcock, who is also executive director of Packet Clearing House, an international organization that consults on cybersecurity issues, said.

Companies have to recognize how attractive a target they are for certain countries looking to exploit personal information, Chertoff said.

“I think that it’s impossible to conceive of the internet continuing to function in the future if this problem continues to get worse,” Woodcock said.

International Rules, Norms Needed

“Even assuming the most benign motivations by all the parties in these various incidences, these continuing, ungoverned state-on-state skirmishes in cyberspace increasingly undermine terrestrial security and stability,” Bruce McConnell, global vice president for the EastWest Institute, an international non-governmental organization working on reducing conflict, said at the conference.

Recently, Microsoft President Brad Smith proposed a way to address the issue through a set of global norms for information and communications technology practices akin to a digital Geneva Convention.

To contact the reporter on this story: Joyce E. Cutler in San Francisco at JCutler@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security