Advertisment

So why is Obama pumping $14 bn on US cybersecurity?

If you thought this had to do with the recent Sony break-in, you could be right. But almost.

author-image
Pratima Harigunani
New Update
ID

Pratima H

Advertisment

INDIA: The much-talked about Budget proposal for 2016 fiscal year for US economy is finally out of the bags. Trillions of money, and a new spin to where taxes come from and where they go have, caught the fancy of people in US and outside it. Republicans may be getting ready for their part of the tale now and it may take some time before (and if) we see the proposal hitting ground-shovels, but till then, one has to keep one’s scalpel occupied, isn’t it?

Get closer to the table then as we put the torch on one specific part of the currently skeletal but still-crisply-defining shape of the Budget – Cybersecurity Spends. Yes, in 2016 fiscal year Prez seeks $14 billion (a hop of some $1.5 billion from the earlier kitty) for cybersecurity efforts with the intent of protecting federal and private networks from hacking threats.

The corpus, as media analysts remind, stood at around $10 billion in 2013. A reasonable and proportionate increase is obvious for any Budget, but that’s not what jumps out in this year’s proposal. The last few months in particular have sketched a new and gorier cyber-threat scenario, and US is no more on the fringes. In fact, no country is and with the growing propensity of threats that U.S. companies and government agencies confront from cyber intruders makes the picture murkier.

Advertisment

These threats are originating from both domestic and foreign shores and are not limited to garage-shacks any more. The greed and kick of cyber-vices has spilled over from yesteryear’s geek-dens to today’s political war-rooms and corporate boardrooms.

A White House brief has underlined this when it states "Cyber threats targeting the private sector, critical infrastructure and the federal government demonstrate that no sector, network or system is immune to infiltration by those seeking to steal commercial or government secrets and property or perpetrate malicious and disruptive activity."

Why and Where?

Advertisment

The question seems almost stupid when Ajay Dubey, National Manager – Partners & Alliances, Websense, a security player, points out at the disheartening state of affairs that last six weeks have unraveled.

“A company as mighty as Sony had to succumb to unknown hackers. The current state of cyber-dangers is more multi-dimensional with corporate-players, state-actors and a whole new gamut of stakeholders getting involved. “ It’s more than about some nerd clicking away at his machine in a garage, he rightly captures. But even though an e-pocalypse like Sony’s hit the international headlines, there are umpteen other stories that never catch our eyes and ears.

“So many vulnerabilities are popping every day and government sites are broken down even as insider-threats and corporate espionage assumes a graver shape.” Dubey also cautions that 2015 would be more complex than other years and the mass-move to mobiles and smart phones is going to make things trickier.

Advertisment

Ask Sanjay Katkar, Chief Technology Officer, Quick Heal Technologies if the US Budget allocation on cyber-security is enough and he seems unfazed. “Latest Budget announcement by US President Obama shows increase of around eight per cent in Cybersecurity spending. I still believe that even though it is good news Cybersecurity still needs more than what is allocated.”

The US funding for one is being reckoned to be directed for supporting monitoring and diagnostics of federal computer networks, public-private partnerships, cyber-weapons, and some key intrusion prevention-cum-detection systems and also on testing and incident-response training.

Quiz Dubey as to where the Budget spends might trickle towards and he incidentally, sums it in one word – data protection. “Data being stolen is a high concern today and major security budgets should be going towards protecting vital data, no matter what tool is being employed to that effect.”

Advertisment

Political Backdoors

Now note how the Pentagon's budget too slices out $5.5 billion for cybersecurity funding. Be it the question of vulnerabilities to cyber attacks, or out-of-kilter software or the impending danger of use of technology as a Trojan Horse of sorts, the landscape is clear on why cyber-offensive is becoming a serious cause of concern at such top country-levels and scales.

Katkar echoes the growing incidence and prospect of cyber-threats as he weighs in the current Budget hike. “Looking at last year’s high profile cyber-attacks that took place on private organizations as well as government establishments and the massive amount of data breach shows that there is more to do in cyber security space. Cyber Security is going to be key issues when it comes to national security and economic security.”

Advertisment

Dubey is not surprised at all of Budget spends in US increasing given the present and expected-future state of an industry that is becoming complex amidst threats darting in every direction and all across with each new day. “People are losing their jobs, salaries, identities, information and what not. Even on the corporate side, M&As or espionage circumstances are calling for a new level of cyber-intelligence with data from IP, medical formulae to crucial customer information or critical business pieces coming on the frontline.”

What’s more serious to spot here is that Cyber-security has moved beyond the precincts of corporate or commercial dangers. The classic Sony incident only reminded the world that countries are donning a new form of ammunition and technology has taken severe geo-political contours than ever.

As Dubey agrees, “If a comparatively weaker country like North Korea can presumably bring US to its knees with a sharp cyber-attack, then this world is no more limited to hackers for sure.”

Advertisment

Sanjay Rohatgi, President, India, Symantec dissects, "As we have seen in recent attacks and with discoveries like the Regin malware we found last year, the actors may not only include your average ring of criminals, but nation-states and organizations attempting cyber-espionage. Five per cent of the confirmed infections for Regin, which bears the hallmarks of a state-sponsored operation and believed to have been in use since at least 2008, targeting governments, infrastructure operators, businesses, academics and private individuals were found in India.”

Interestingly a new Forrester report on why Chinese government may be leaning towards local vendors; authors Bryan Wang, Charlie Dai, Michael Barnes and Di Jin explain - how in the wake of information released by former US National Security Agency contractor Edward Snowden in June 2013, the Chinese government has refocused on information security as a top priority and started to encourage local companies especially state-owned enterprises and public-sector organizations — to consider local products instead.

‘It appears that as a result of the NSA leaks, the Chinese government has changed how it evaluates technology suppliers in light of national security considerations — primarily for government agencies and large state-owned enterprises (SOEs). The press has reported that government agencies and SOEs will be asked to remove foreign tech vendors’ products from their BT environment and replace them with local vendor solutions to avoid any potential “backdoors” that might leak confidential information to other countries, ' the report mentions.

The analysts illustrate some major events in 2014 hinting at this pattern. In July, the State Administration for Industry and Commerce raided Microsoft offices in four major cities in China in connection with an antitrust investigation. In August, the People’s Daily reported that China’s government procurement agency had removed Symantec from its list of security software suppliers. In May, Bloomberg reported that IBM would likely be excluded from future bank purchases of high-end servers in China due to security risks.

Should India mimic US?

Now that that India’s own Budget-day is just around the corner, it becomes all the more timely to see why countries, that are otherwise superior and armed- high on conventional defense tools, are investing more on cyber-borders.

Katkar observes that India as a nation has lot to learn from this as our nation is not immune from the cyber threats. “I will say our nation is not prepared for the kind of cyber threats that exists today. It’s only that not much disclosures are happening, cyber-attacks are taking place and many of them are going un-noticed because of unawareness and unpreparedness of private as well as government establishments.”

That’s an undercurrent that even Dubey pokes at. Many sites are being compromised and companies being held ransom to cyber-vulnerabilities and yet not too many cases make it to the newspaper ink. India, with its fiercely growing Smartphone absorption rate and Internet penetration, has to spend 300 times more than ever, he quips. “Our spends are still on the lower side.”

While Rohatgi prefers not to talk on any country-specific needs in particular, he does feel an equally strong need for cyber security in today’s threat landscape. “We’re in the midst of a dramatic shift in the scale and motivations behind cyber-attacks. 2013 was the year of the mega-breach – attacks reached a new scale of damage."

Rohatgi cites visionary programs like ‘Digital India’ and ‘Smart Cities, when he makes a point for a protected and secure information infrastructure being critical. “The budget is a perfect opportunity to charter a clear plan in this endeavor with investments in a robust infrastructure and security.”

This brings to memory a not-so-old press release by the White House, Office of the Press Secretary when President Obama assumed his key leadership role and chalked out a vision for US. It mentioned poignantly that steps would be taken to protect American companies, consumers, and infrastructure from cyber threats, while safeguarding privacy and civil liberties. Of note here was President’s 2012 comprehensive blueprint for consumer privacy, the BuySecure initiative, and bills proposed on the lines of 'The Personal Data Notification & Protection Act', 'The Student Digital Privacy Act', 'Consumer Privacy Bill of Rights Legislation' etc.

Under the umbrella of Technology, the White House has laid an overarching focus on making sure that Americans deserve an Internet that is safe and secure, so they can shop, bank, communicate, and learn online without fear their accounts will be hacked or their identity stolen. President had declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America's economic prosperity in the 21st century will depend on cybersecurity.”

Interestingly, the Administration then was seen implementing the National Strategy for Trusted Identities in Cyberspace and had released the International Strategy for Cyberspace and other such efforts.

The latest Budget proposal then, only re-iterates what President Obama and other world leaders already are wary of. Security is an ever-changing and always-reincarnating villain, more dangerous and complicated than its previous avatars- every next time.

Would the Indian Budget chime in here?

tech-news security