Former Homeland Security chief warns of cyber threat
A television commercial that shows a father shutting down his home appliances and locking his front door with a tablet computer might prompt some people to exclaim, “Cool.” But it makes former US Homeland Security Secretary Michael Chertoff slap his palm against his forehead and sing the praises of the simple metal key.
“If you can remote lock it,” Chertoff said Wednesday, “ it can be remotely unlocked.”
Chertoff was the keynote speaker at a conference of cyber security specialists in Boston as the vulnerability of computer and Internet networks has become a major concern for consumers, businesses, and governments. The increase in large scale hacks on retailers, financial institutions, and even the White House illustrates that criminals, activists, and even foreign governments are looking for ways to break into networks, Chertoff said.
And the threat is growing, he added, as Americans increasingly connect to the Internet, not just to shop and watch their favorite shows, but also to control thermostats and pacemakers. “All of this should give us cause for concern,” he said.
The conference was sponsored by Advanced Cyber Security Center, a Boston-based group of business representatives, government officials, and academics who share information and research about online threats.
Charlie Benway, the center’s executive director, said it’s no longer enough for companies to build firewalls against hackers. They need to assume that criminals will find a way in and they need to take steps, such as early detection measures, to limit the damage.
Last year, nearly one in five Massachusetts residents had personal or financial information stolen in data breaches, driven largely by the massive data theft at Target Corp. during the winter holiday shopping season. This year, Home Depot Inc. acknowledged a security breach of credit and debit card information that banks and security analysts peg at larger than Target’s, which affected around 40 million customers.
In addition, the New York financial giant JPMorgan Chase & Co. and the parent of grocery stores Shaw’s and Star Market said this fall that they are investigating cyberthefts. And at the end of October, the White House acknowledged that hackers had breached an unclassified computer network used by the president and his advisors.
Chertoff, now a global security consultant, said private companies should invest in cyber security. But government, he added, has a role, too, in developing standards for basic steps that companies should take to protect data and incentives for them to follow through.
But legislation that would have encouraged more companies to confidentially share information about data breaches and reduce their liability if they were hacked was shelved last year after Edward Snowden revealed the government’s electronic monitoring program, Chertoff said. Privacy advocates grew concerned that the legislation would increase government access to this data.
“For many government and the Internet in the same sentence was a bad thing,” Chertoff said. But, he said, consumers can’t have privacy unless computer and Internet networks are secure.