The loss of industrial information and intellectual property through cyber espionage constitutes the “greatest transfer of wealth in history,” the nation’s top cyber warrior Gen. Keith Alexander said Monday.
U.S. companies lose about $250 billion per year through intellectual property theft, with another $114 billion lost due to cyber crime, a number that rises to $338 billion when the costs of down time due to crime are taken into account, said Alexander, the director of the National Security Agency and commander of U.S. Cyber Command, in remarks Monday at the American Enterprise Institute.
“That’s our future disappearing in front of us,” Alexander said, quoting industry numbers to estimate that $1 trillion was spent globally last year on dealing with cyber espionage and cyber crime.
But the real threat on the Internet will come when cyber attacks become militarized, a threat the U.S. must deal with now, he said.
“What we need to worry about is when these transition from disruptive to destructive attacks, which is going to happen…. We have to be ready for that,” Alexander said. “This is even more difficult to the nuclear deterrent strategies we used to think about in the past.”
There are 75 million unique pieces of malware in the database of McAfee, a leading cyber security company, Alexander said. Botnets, networks of compromised computers controlled remotely, send out 89.5 billion unsolicited e-mails per day, about one third of all emails sent. Over 100 countries have network exploitation capabilities, he said.
The number of cyber attacks rose 44 percent in 2011, malware increased by 60 percent, and the number of attacks on critical U.S. infrastructure rose from 9 in 2009 to more than 160 in 2011, Alexander said.
The major companies who have suffered successful cyber attacks since 2011 include Google, Booz Allen, Mitsubishi, Sony, AT&T, Visa, Stratfor, Chamber of Commerce, Symantec, Nissan, Visa, and Mastercard, he said. For every known attack, about 100 are successful and never detected, he added.
“The theft of intellectual property is astounding and we’ve got to stop that, and my part of that is we need to have a viable defense,” he said.
Alexander called on Congress to pass cyber legislation, although he declined to endorse any particular bill moving its way through congress. He quoted Secretary of Defense Leon Panetta as warning of a cyber “Pearl Harbor,” and quoted Secretary of State Hillary Clinton calling for a new U.S.-China dialogue on cyber issues.
He said that the U.S. government and its interlocutors should move to cloud-based computing, arguing that security in the cloud is more agile and responsive to threats, although not perfect. “We know that the system we are on today is not secure.”
The U.S. government also needs more situational awareness in cyberspace and a more organized and active cadre of military cyber warriors to respond to threats, according to Alexander. “We need to build a trained and ready cyber force with the right number and the right capacity,” he said.
“The conflict is growing, the probably for crisis is mounting. While we have the time, we should think about and enact those things that ensure our security in this area,” he said. “And do it now, before the crisis.”