Save this content for laterSave this content on your device for later, even while offline Sign in with FacebookSign in with your Facebook account Close

Space Symposium speaker: Businesses getting the message about cyber security

May 19, 2014 Updated: May 21, 2014 at 5:46 pm
Caption +
Mark Fife works Sunday, April 7, 2013, to calibrate display screens at Boeing's booth at the 29th National Space Symposium at the Broadmoor. Photo by Mark Reis, The Gazette

If a major data breach at Target last year didn't wake business owners up to the reality of cyber attacks, accusations Monday that Chinese military officials hacked into several U.S. companies might spur them into action.

But it appears the Target breach was enough to compel many U.S. businesses to take steps to make their networks more secure, according to a partner at a Denver-based law firm who specializes in cyber security.

"It scared the daylights out of everyone else," Tracy Gray, a partner at Holland & Hart's Boulder office, said after taking part in a panel discussion Monday on the first day of the four-day Space Symposium at The Broadmoor.

"Information has come out that there were signs and network weaknesses up to a year in advance (of the breach). There were vulnerabilities that could have been addressed, and addressing vulnerabilities beforehand is the way to go."

Gray was one of four members on the Cyber 1.4 workshop panel who discussed how businesses and government agencies could better protect sensitive data and systems.

Businesses will have to balance the cost of better securing their network against the risk of failing to do so, which in Target's case is likely to result in an insurance claim for $100 million in damages, Gray said. The biggest threat of cyber attacks has traditionally been in the financial services industry, but the Target breach put retailers on "high alert" that attackers are increasingly focusing on them as a way to get financial information, she said.

In the case announced Monday, five officers of the Chinese People's Liberation Army are accused of hacking into computers at Westinghouse Electric Co., U.S Steel Corp., Alcoa Inc., several others businesses and a union to gain access to trade secrets and private communications.

"There's not been a lot of this, but it does set a precedent," Gray said.

It remains to be seen whether the indictments against the officers will send a message to other would-be hackers, she said. Without a successful prosecution, there will likely be no deterrent.

Avoiding attacks begins with top management communicating the importance of maintaining cyber security, but also requires training employees how to keep a company's or government agency's network secure, Gray said. Companies also should have a policy in place for what to do when an attack occurs, and that policy must be flexible enough to deal with any attack, she said.

William Marion, a panel member and chief technology officer of Air Force Space Command, emphasized that people are the most important line of defense in maintaining cyber security, which he said is less about "the network itself; it comes down to how users behave on the market."

Panel moderator Christopher Ling, who is executive vice president of military contractor Booz Allen Hamilton, said one of the ways his company maintains cyber security is by sending out fictitious emails to employees, trying to convince them to click on a link. If they do, they have to attend a two-hour training session on following the company's cyber security policies. So-called "spearfishing" - sending authentic-looking emails to company employees - is allegedly how the Chinese officials operated.

Some of the newest methods for maintaining cyber security include software that looks for changes in user behavior as a clue that a breach has happened, and using "frequency-hopping" technology that randomly changes the user's location on the network to make it more difficult for attackers to "get a fix on where you are," said Jeffrey Snyder, a panel member and vice president of cyber programs for defense contractor Raytheon.

"The threat is real, stealthy and will always be there. We have to minimize it," Snyder said.

Register to the Colorado Springs Gazette
Incognito Mode Your browser is in Incognito mode

You vanished!

We welcome you to read all of our stories by signing into your account. If you don't have a subscription, please subscribe today for daily award winning journalism.

Register to the Colorado Springs Gazette
Register to the Colorado Springs Gazette
Subscribe to the Colorado Springs Gazette

It appears that you value local journalism. Thank you.

Subscribe today for unlimited digital access with 50% fewer ads for a faster browsing experience.

Already a Subscriber? LOGIN HERE

Subscribe to the Colorado Springs Gazette

It appears that you value local journalism. Thank you.

Subscribe today for unlimited digital access with 50% fewer ads for a faster browsing experience.

Subscribe to the Colorado Springs Gazette

Some news is free.
Exceptional journalism takes time, effort and your support.

Already a Subscriber? LOGIN HERE

articles remaining
Thank you for your interest in local journalism.
Gain unlimited access, 50% fewer ads and a faster browsing experience.