Cyber attacks are more likely to come from criminals funded by U.S. enemies than from the enemies themselves, former National Security Agency director Mike Rogers said Thursday in Colorado Springs.
“Cyber criminals are a much bigger threat than nation-states,” Rogers said during a question-and-answer session with Dale Hetke, chief operating officer of the National Cybersecurity Center, at the National Cyber Symposium at The Broadmoor.
“Some states are creating relationships with (cyber) criminals, giving them money, tools and targets. I suspect that will grow, and it won’t just be the Russians.”
Rogers was one of two featured speakers at the symposium Thursday, along with BlackBerry CEO John Chen. Chen described how his company shifted from producing one of the world’s most popular mobile devices to becoming a provider of security-focused software to many of the world’s top mobile device manufacturers as well as internet-connected devices in Ford, General Motors and other vehicles.
Cyber attacks will soon become a weapon, Rogers said, because of the growing number of internet-connected devices from cellphones and fitness trackers to thermostats and medical devices such as pacemakers. He also warned that the Pentagon needs to change how it buys weapon systems to build in cybersecurity from the beginning and include funding for cyber updates and defensive “fixes,” since many systems have outdated cybersecurity protections by the time they are delivered.
Rogers also said he is not concerned about a cyber “Pearl Harbor” or surprise attack on the U.S. government or corporate computer networks because such an attack wouldn’t be a surprise, and governments and businesses have recovered more quickly from hackers than from natural disasters. He said he is more worried about breaches affecting health care information, because such data are widely shared and the devices measuring health data are multiplying.
He also said the NSA had “lost capabilities” due to leaked information by former contractor Edward Snowden. Those capabilities “had been publicly acknowledged and had to be shut down,” Rogers said. None of the agency’s surveillance activities revealed by Snowden’s leaks had been found to violate federal law or privacy rights of Americans, despite numerous investigations. Snowden, living in exile in Russia, wrote a memoir published this week, defending his actions.
Chen, who became BlackBerry’s CEO in 2013, described how the company was headed for financial disaster when he arrived, with declining sales, dwindling cash and Chinese competitors who could sell similar devices for less than the cost of the parts for BlackBerry’s smartphones. He said he had to slash costs so the company started to generate instead of burn through cash.
“I had this romantic notion that through cleverness and partnerships, I could get BlackBerry back on track. I didn’t want on my resume that I was the CEO that got us out of phones,” Chen said.
“But when I toured a manufacturer in China, they showed me a phone, and I asked how much it would sell for. They told me $299. That’s what the parts for our next phone were going to cost. I knew then we were deep into the phase of phones becoming a commodity.”
To come up with a new strategy, Chen said, the company had to determine what it did better than its competitors. Since BlackBerry was known for reliability and privacy, he refocused the company on privacy and security through software giving the company higher profit margins than selling consumer phones that were dropping in price.
The company made numerous acquisitions over the past six years as part of its new strategy, including its purchase late last year of antivirus software provider Cylance to add artificial intelligence capabilities to BlackBerry’s security products for internet-connected devices. Chen said the company now generates more than $1 billion in revenue from security products and last year made its first profit since 2012.
“We wanted to keep the technology we developed and expand it beyond BlackBerry phones by putting all we knew about security into every phone and device,” Chen said. “Our technology treats a network like a house and locks every door and identifies everyone in the house and how they are behaving and assigns them a risk score.”