Indictment of Chinese hackers is wake-up call for better public-private cooperation | TheHill – The Hill

The U.S. private sector received a wake-up call last week when the Department of Justice announced charges against four members of Chinas Peoples Liberation Army(PLA)for the 2017 Equifax hack that compromised over 140 million Americanspersonal information. Too often we think that nation-states are only after government secrets, and only cyber criminalswouldwantany of our personal information.This oversight can be costly. Just ask Equifax.Or Marriott. Or Anthem.Or Sony.

Targeting of U.S. and allied private-sector data is a high priority for adversary nation-states such as China and others, who deployadvanced technologies and armies of digital warriors to constantly probe all of our information technology networks, looking for weaknesses and sweeping up anything of value.This latest pattern of targeting personal informationby the PLAshows the sophistication oftheirlongstanding effort to amass as much data as possibleon Americansand our allies.

The U.S. government andthe contractorswho operate on the seamsbetween the public and private sectors face this challenge daily and maintain a familiarity with the tactics and methods most commonly usedby these adversaries. The indictment in the Equifax case highlights the increasing need for companies outside of this traditional defense industrial base to also understand how at risk they areand to take appropriate steps to protect themselves.

Our totalitarian economic adversaries long have been exploiting the digital disconnect between our government and industry, and in Western democratic societies we need our businesses to take the initiative to close these gaps. In the case of Equifax, several basic cybersecurity steps would have made it more difficult for the PLA to access, maneuver through and ultimately remove data from the network. TheU.S. governmentcannot mandate that private-sectorentitiesadopt certain security standardsor protections, so its up to companies to take these steps on their own.

Unfortunately,many U.S. business leaders dont know where to start, butthere are some resources that can help businesses improve security posture and participate in established public-private partnershipsto leverage collective knowledge about current threats and technology.Good information and concrete recommendations are available through the Know Your Risk, Raise Your Shield initiative at the National Counterintelligence and Security Center (NCSC) and theNational Cyber Awareness Systemat the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security.

In addition to taking steps to better secure their data today, it would benefit U.S. and allied private-sector companies to start thinking about how their data will be protected in the future.Certain types of data lose their value over time, but many data types, such as Social Security numbers, retain their value for years. Because these nation-state breaches are targeting such massive data sets, it is highly likely that they contain information that will prove valuable well into the future. As we look ahead, it will become increasingly important that all organizations approach the storage of personal information in a smarter, forward-looking way.

Encryption technology provides a sufficient level of protection to keep data from being viewed today, even if it has been stolen. The challengein the future will comewhen a nation-state such asChinaachievesaquantum computing capability.At that point, theencryption standards used today will be vulnerable to this exponentialincrease incomputing power.

Conversations around the adoption of post-quantum encryption technology by both the public and private sectors have startedand appear promising.

The Justice Department indictments ofthe Chinese militaryforstealingmillions of Americans personal information is not only awake-up callfor businesses to start taking smarter steps to protect their data it also is areminderto all of us that thechallengeswell face inthe futureare bestdealt withby making smarter collective decisionsand collaboratingacross public and private sector lines.

Andrew Borene is the CEO of CipherLoc Corporation, an advanced encryption technology company. He formerly led teams at Symantec and IBM and was a senior advisor to the Intelligence Advanced Research Projects Activity (IARPA) and former associate deputy general counsel at the Pentagon.

Go here to read the rest:

Indictment of Chinese hackers is wake-up call for better public-private cooperation | TheHill - The Hill