Mr. Robert Lentz - Former U.S. Deputy Assistant Secretary
Cyber Security and the Spreading Challenges
Mr. Robert Lentz
This workshop, dating back to Moscow 2004, was the first to really bring together the diplomatic and national security leadership community—defense ministers and so on—at a very senior level to have deep discussions about information technology and its corresponding security implications. We now call this arena cyber security. Other groups are following suit, one of which occurred in Texas recently, called the East-West Conference. The reality is that the United Nations sponsored activity called the International Telecommunications Union (ITU), the World Economic Forum, best known for its annual meeting called Davos, or even the G-20 group of twenty Finance Ministers and Central Bank Governors all must step up and make cyber security a top priority. NATO is finally getting on board and even the U.S. Deputy Secretary of Defense is making a worldwide tour promoting greater focus on this critical topic. The good news is that IT Security/Cyber Security is no longer just the province of techies or geeks. World leaders finally understand that, with the advent of the Information Age, enabling trusted communications and preventing terrorists or criminals from exploiting the Internet to their advantage is now a core security issue that must be dealt with aggressively.
EARLY ADAPTION TO THE INTERNET
In the early-2000s, even the U.S. Department of Defense was just establishing its strategy for how we were going to adapt to the Internet. We came up with a strategy called Power to the Edge, referring to the power of information, and we began to deploy those capabilities as rapidly as we could. The problem was that, when we had those discussions back in the early-2000s time frame and we were making massive investments in the DOD post 9-11, we unfortunately did not bake in security from the beginning. I know that sounds to some like a fairly minor strategic decision, but the decision of the leadership at that point in time was that we had to get the Internet-based capability out there first in order to show people that the Internet could be the kind of technology that we could rely upon to completely transform the way military operations are conducted around the world. There were a lot of naysayers, but, over the following years, everybody became a believer in that idea, and doctrine and strategy started to change.
THE DUAL-EDGED SWORD OF NEEDING INFORMATION AND NEEDING TO SECURE IT
Let’s look at what happened in Iran in terms of how the Internet became a key tool. Let’s also look at what is happening in Afghanistan with the counter-insurgency efforts. Let’s look at how important the Internet is for conducting operations like you heard Microsoft’s Tim Bloechl describe with the rich deployment of IT globally or dealing with stability operations in Africa or the Middle East. All of that is part of the fundamental issue that our cyber panel must address: The paradox that we face, the dual-edged sword of making information available while at the same time trying to secure that information so that it cannot be used against us.
CYBER SECURITY AS A GAME CHANGER
Over the years at this workshop, we all agreed that cyber security has become a game changer. I am not going to elaborate on the details, but we have seen it in Estonia; we have seen it in Georgia; we have seen it in Lithuania; and we have seen it in Belarus with the Radio Free Europe denial of service attack. We have also seen it with the cable cuts in the Mediterranean, which were indirectly a cyber space event highlighting the fragility of traditional communications, and we have seen it most recently with the tremendous rise in cyber crime. Once again, experts in this field will tell you that they are shocked at how cyber crime has swept over the world and that there is more money in cyber crime than there is in the drug trade. One statistic that I think is very startling in this area is that one in every five victims in the critical infrastructure area is a victim of cyber extortion—this is the reality of what we face. In China, we recently saw Google and other major companies become victims of very sophisticated, targeted cyber attacks, which is the newest trend that is occurring every day.
Before ending my remarks and turn to our esteemed panel, I would like to throw out a question: What country in the world today has the highest level of cyber security adoption? The answer is China, which also has the highest level of encryption in the world today. Draw any conclusions you want from that, but the reality is that we are all together in this information revolution and we all have a responsibility to deal with it.