In an effort to protect US economic activity, the nation’s intelligence arm will be announcing a plan to provide cyber threat assessments to us firms involved in supply chain management, Bloomberg’s Chris Strohm first reported.
Move to protect private enterprise a policy departure, as banks typically were primary recipients of protection
The forthcoming effort by the National Counterintelligence and Security Center, to be formally announced Thursday, marks a policy change. The US government for the most part had a laissez faire attitude towards protecting private enterprise from cyber-attacks. There were exceptions, however, as highly protected banks were among those receiving government risk back-stopping.
This effort targets the US supply chain for protection. The initial beneficiaries include US telecommunications, energy and financial firms.
“You’d be shocked to find out how many people really don’t know where their stuff comes from,” William Evanina, the nation’s top counterintelligence official and director of the center, told Bloomberg in an interview. “The supply chain threat is one that’s the least talked about but is the easiest to manipulate for all aspects of our daily lives.”
The cyber threat assessment is not just targeted at technically hostile governments such as Russia, China and North Korea as well as terrorist organizations and professional criminals. The intelligence effort is also targeting disgruntled employees who may have sensitive information or be in a position to disrupt operations.
Cyber crime costs skyrocketing
A technical disruption in the US supply chain could disrupt American life. “If you can control those or manipulate those sectors, that’s the bedrock of our capitalist supremacy around the world,” Evanina said, pointing to the strategic importance of preventing technical sabotage.
A key component of keeping a corporation secure comes into play by knowing the vendors and ensuring they are not leaving an open door to cyber disruption.
“Know where your stuff is coming from,” Evanina said. “You might have the best software and cybersecurity programs, but if you don’t have the same due diligence and understanding of the threat for the people who buy the systems that run your buildings and facilities, you’re running the risk of potential compromise.”
As the technical barriers to hacking decrease and the damage rises – a 2015 study noted cyber-crime costs “skyrocketing” – the damage done to US national security is causing government to more actively protect the homeland through a more comprehensive cyber umbrella.
As the world moves to the “Internet of things,” where an entire household is connected — and even computers could interface with the human mind — the move to increasingly view cyber security as a threat to life and liberty is at hand.
