SAN JOSE, Calif. – Warning that the U.S. is threatened by potentially devastating cyberattacks, the nation’s national security community is recruiting the San Francisco Bay Area’s private sector to counter the assaults.
On Monday, in a sign these concerns are shared at the highest levels of the Obama administration, Homeland Security Secretary Janet Napolitano will make a personal pitch for help to tech companies in San Jose. And Congress is considering several bills to encourage government and business to share intelligence about the computerized threats.
Also sounding alarms is Gen. Keith Alexander, director of the National Security Agency and commander of U.S. Cyber Command, which guards military networks. At an October conference he appealed for the private and public sectors to work together because “this is something that we cannot do by ourselves.”
Such partnerships are widely considered essential, given how dangerously vulnerable the country is to computer incursions. Some experts say the U.S. could be crippled by adversaries in future cyberwars. Others say the technology that’s already been pilfered amounts to a lost national treasure.
“That is the sucking sound of all our intellectual property going to another country,” said Phyllis Schneck, a vice president at Intel’s McAfee subsidiary in Santa Clara who heads the National Cyber Forensics and Training Center, which tries to counter cyberattacks. Moreover, she added, “our cyberadversaries are faster than we.”
Experts say cyberthieves cost U.S. corporations billions of dollars annually – with some of the worst attacks linked to China – and federal agencies are being looted, too. In July, Deputy Defense Secretary William Lynn revealed that “foreign intruders” have taken “terabytes of data” from defense companies, ranging from specifications for parts of tanks, airplanes and submarines to “our most sensitive systems.”
Companies often aren’t paid for the help they provide to government sleuths and much of their work, understandably, is classified, some experts said. But it’s clear that a wide range of Silicon Valley companies are participating with the national security community on this effort.
Several Bay Area corporations – including Adobe Systems, eBay, Intel, Cisco Systems, McAfee and PayPal – have joined with Lawrence Livermore Laboratory to counter cybervillains through the lab’s Network Security Innovation Center, which opened in July. They exchange “threat information as well as best practices” to counterattackers, and their insights are relayed to other federal agencies, said the center’s acting director, Robert Sharpe.
Some of the same companies – along with Hewlett-Packard, NetApp, Symantec, VMware and Juniper Networks – are providing similar help to military and intelligence agencies through a Lockheed Martin center in Maryland.
In addition, the Department of Homeland Security has set up a Cyber Security Research and Development Center at the nonprofit Menlo Park think tank SRI International; dozens of local companies share information through the FBI’s InfraGard program; and other Bay Area companies work individually with federal agencies to combat cyberthreats.
At FireEye of Milpitas, whose equipment helps block cyberattacks, “we have deployed systems in over 60 federal customers and agencies, including the Department of Defense and the intelligence community,” said CEO Ashar Aziz. He added that FireEye has worked with the FBI “to help bring down botnets,” groups of computers controlled by cybercrooks.
Mocana of San Francisco helps federal agencies prevent unauthorized devices from using their networks and encrypts the government’s data in case its devices are stolen. And McAfee, which sells security software and monitors cyberintrusions globally, alerts the government about attacks. In August, it told authorities about a scheme that had compromised numerous agencies, prompting an investigation by Homeland Security.
Several congressional bills would further information sharing between the public and private sectors, in part by clarifying procedures for how the information is exchanged. But an analysis by the nonprofit public Electronic Frontier Foundation said the bills could endanger civil liberties by allowing “a whole host of monitoring activities” by government and nongovernment officials.
Some businesses may not be keen about the partnerships, either, the Congressional Research Service noted in a March report. It said firms might balk at sharing their proprietary information, fearing that it could be leaked to competitors, and that they might be sued if they failed to adequately address threats they learned about from the government.
Businesses also find it time consuming to partner with the government on these projects. and often are expected to volunteer their services, said Melissa Hathaway, a former top federal cybersecurity official with the National Security Council and the Office of the Director of National Intelligence who now has a consulting firm. She’s aware of at least 55 public-private alliances that already have been formed against cybercrimes and believes tax breaks may be needed to coax more company cooperation.
Nonetheless, unless federal bureaucrats and businesses redouble their efforts, the country could be in trouble, according to Robert Rodriguez, a former U.S. Secret Service agent who chairs the Security Innovation Network, a public-private group that sponsored a conference last month at Stanford that included participants from the National Security Agency to the Defense Department to the Central Intelligence Agency. He said it’s especially crucial for that help to come from the Bay Area.