BankThink

To Thwart CyberAttacks, Hire More Forensics Investigators

A recent speech by Secretary of Defense Leon Panetta on cybersecurity to the Business Executives for National Security highlights the urgency of ramping up U.S. efforts to thwart cybercrime. Secretary Panetta noted that in recent weeks, some large U.S. financial institutions were hit by so-called distributed denial of service attacks that delayed or disrupted services on customer websites. "While this kind of tactic isn't new, the scale and speed with which it happened was unprecedented," he said.

The U.S. banking and financial sector must be prepared for state-sponsored cyberattacks that will focus more on disrupting financial transactions than on stealing funds. A loss of confidence by the public in the financial infrastructure will be more devastating than the potential loss of millions of dollars. It is for this reason that Secretary Panetta believes China may want to ally with the U.S. to fight rogue nations, like Iran, which is being credited by unnamed American intelligence officials for the recent string of disruptions at major banks. China has a significant interest in the success of U.S. banking given its financial investments in U.S. government debt, deposits and other securities.

The recent growth of state-sponsored cyberwarfare is very troubling and certainly not limited to the recent attacks by Iran. Stuxnet was a computer worm that was used to target Iranian installations suspected of enriching uranium in 2010. Many believe that either the U.S. or Israel was behind this sophisticated attack. Its use can be considered a great achievement given that sanctions against Iran have been largely ineffectual. Nevertheless, these successes are sure to inspire rogue nations to adopt similar tactics. As Panetta noted, it's no secret that Russia and China have advanced cyber-capabilities. Iran has also undertaken a concerted effort to use cyberspace to its advantage.

The fight against cybercrime will be difficult, considering that there are so many enemies of the state. We have recently witnessed criticism of big banks and financial companies by hacktivists, like Anonymous and AntiSec, who have followed up with serious network security breaches. Historically, we have been fighting to protect intellectual property against the Chinese and numerous other nations, and now we have the added dimension of sophisticated state-sponsored attacks on our critical infrastructure.

Panetta has made clear that the U.S. is the best in the business at mitigating these daily threats. While this may be true, we must question whether we have enough professionals to secure critical networks in the U.S. The monetary commitment by the Obama Administration exists through the numerous initiatives laid out by the President for cybersecurity. Panetta noted in his speech that the Department of Defense is allocating $3 billion annually to cybersecurity.

But adequate staffing remains a glaring issue. Students are not being enticed into becoming technology majors and, moreover, a large percentage of those who do graduate with a programming or computer science degree are foreign-born. This pool of talent will not have the opportunity to work for a government agency since they are not U.S. citizens. Additionally, the banking and financial sector will need to hire graduates with computer forensics expertise or at least have a plan to train them onsite.

It is critical that universities increase their focus on computer forensics because it is very different from computer security. We need more experts who can investigate what happened and identify the perpetrators of attacks rather than simply focus on protecting our critical infrastructure.

Our national security will depend on tech-savvy experts and will not just rely on our military. What is refreshing about Panetta’s speech is that it makes mention of the DOD investing in forensics for the purposes of attribution. U.S. banks and other financial institutions must continue to create and reinforce their computer forensics capabilities and examiners to assess the perpetrators of cyberattacks and subsequently use this information to build better defenses.

President Obama has already expounded on the importance of training thousands of Americans to fill vacant jobs in technology. However, the urgency to create many of these jobs is critical to the national security of this country. Many talk about the threat of cybercrime, but Panetta’s speech clearly asserts that we are already engaged in cyberwarfare.

Banks and financial institutions must understand that investigating network breaches through computer forensics is as important as securing networks. Some banks are taking the lead in hiring forensic investigators, but other financial institutions need to be more proactive in seeking out talented individuals. Some organizations have found skilled professionals who are retired from law enforcement, while others have enticed recognized professionals from other corporations. Other financial institutions have hired an expert who will in turn hire recent computer science graduates with an interest in the field.

Darren Hayes chairs the computer information systems program at Pace University’s Seidenberg School of Computer Science and Information Systems in New York. A former investment banker, Hayes began his career in the financial services industry with Cantor Fitzgerald at the World Trade Center.
