Philip Lieberman, author and CEO of security firm Lieberman Software, believes the US is on the brink of suffering a major cyber attack from another nation state that will severely damage the country’s national infrastructure.
The security expert has spoken out as the US falls into its latest bout of international confrontation, with North Korea threatening to launch nuclear attacks on the States and old foe South Korea. But far more likely than military engagement is the use of cyber weapons, and indeed, the North is already thought to have been behind crippling cyber attacks on the networks of South Korean banks and television stations last month.
The US and the South have taken action to safeguard their digital infrastructures, last week signing a cyber alliance to increase the sharing of strategies and intelligence between the two nations, while President Obama has been busy bolstering the States’ cyber arsenal and acquiring legal permission to launch cyber strikes this year.
Despite this initiative from the executive, Lieberman believes a lack of security consciousness among other US organisations will cost the country dearly.
“The next major threat will come from a nation state taking aim at our critical national infrastructure and knocking out resources essential to life,” he said. “This will be an easy target since many of the utilities have little interest or appreciation for security. Their systems have been fully characterised by hostile powers external to the United States and will eventually be turned off and/or damaged when the time is right.”
Away from the ongoing tensions with North Korea, Lieberman says the threat of nation state attacks on the US is ever-present and could come from a number of other sources. “In my daily interaction with government bodies, police and other public sector authorities, we are seeing a huge rise in attacks which are state sponsored and targeted at the critical national infrastructure. The real fight isn’t from stopping them getting in, it’s actually about how far within your organisation you can stop them reaching.”
While more plainly destructive DDoS and malware attacks grab most of the security headlines, Lieberman says the greatest threat currently lies in the covert infiltration of networks, where the perpetrators hop from one machine to another collecting as much data as possible – something the New York Times detected in its system, with the Chinese government suspected of being responsible.
“To counter these attacks some of our customers, who are under active 24/7 attack have begun to rotate all passwords every eight to 24 hours,” Lieberman claims. This prevents attackers from being able to transfer across multiple devices and spend too long on a single machine, as their access is terminated by the password change.
According to the CEO, such strategies are the only way forward in dealing with modern security threats. “The point to be made is simple: there is little to no real security found in the commercial tools for anti-virus and anti-malware from the major software providers and the continued purchase of these products is a waste of money and time when the foe is more than a petty criminal.”