POLITICS

Cyber attacks on private sector reaching a tipping point: U.S. commander

02/21/2013 05:26 EST | Updated 04/23/2013 05:12 EDT
OTTAWA - A senior U.S. military commander says cyberattacks on private businesses are growing in size and frequency — so much so that Western governments may have to step in and defend them.

Gen. Keith Alexander, the head of U.S. Cyber Command, says so-called "denial of service" attacks and the theft of corporate secrets have exploded since 2008.

The U.S. government is considering more aggressive action, such a trade sanctions, in response to a relentless hacking campaign that is apparently linked to the Chinese government.

But the former head of the ultra-secret Canadian Communications Security Establishment, the electronic eavesdropping arm of National Defence, says there is a lot of misunderstanding about threats in today's wired world.

John Adams, who is also a retired Canadian general, says the world is a long way from cyber-warfare because it's very difficult to "weaponize" software code.

It's also very difficult to pin cyberattacks on individual countries or institutions, Adams said following a panel discussion at the annual Conference of Defence Associations meeting.

"The challenge with all of these things in people think it's China, but nobody knows for sure," he said. "Attribution is very, very difficult. There are billions of users out there, where you can hide in plain sight. So, who knows?"

A Virginia-based cybersecurity firm released data Monday that linked a secret Chinese military unit to years of cyberattacks against some 140 U.S. companies. The Chinese government has denied being involved.

Part of shoring up cyber-defences involves more — and faster — information sharing between government and the private sectors, said Alexander.

The Internet is so vast and so crowded that it makes keeping track of what's going on almost impossible, he added.

"We don't watch what is going into and out of our country," Alexander said.

"I know that's probably a shock to most of you, because I know you think we see it all. But the reality is, if there is an attack on Wall Street, if somebody doesn't tell us there is an attack going on, we won't see it, and if you don't see it at network speed, you can't stop it — especially a destructive attack."

Alexander says there are ways to ensure that information is passed without infringing on civil liberties.

The U.S. is just starting to think about the policies, safeguards and legislation that will be needed to deal with emerging Internet-based threats.

The Americans have been at the forefront of the urgent call to man the cyber-ramparts, forming a separate military command within the Pentagon.

Adams, who recently retired from CSE, cast a more skeptical tone for the audience the meeting, saying the biggest online threat is cyber-crime.

The Canadian banking sector loses $2 billion a year to electronic-based fraud and theft, he noted.

Adams ducked the question of whether Canada should follow the U.S. and establish a separate military organization to deal with cyber-warfare, but said that there should be more uniforms serving at his former organization.