"In the past six months, we've seen foreign attacks on oil and gas companies in the Middle East and on U.S. banks, including Bank of America, PNC Bank, Wells Fargo, Citigroup, HSBC, and SunTrust. How will we react if the next attack is against the electric grid, or our food and water supply?" he asks.
In recent months, cyber attacks have become much more sophisticated, says the Cyber Security Council's Martinez. In some cases, overseas attackers have taken over servers in the United States that they then used to launch secondary attacks, making it appear as if one U.S. company was attacking another.
"The good news is [security] teams in most Fortune 500 companies are able to detect this and reverse it, but this type of threat is going to be a very big problem for us over the next 12 months," Martinez says.
Another battleground in the cyber war is the software industry. Much as we saw with the APT attack against Adobe Systems' software last year and with the attacks using weaknesses in Oracle's client-side Java over the last several years, we can expect to see more attacks against trusted software providers such as antivirus vendors, says Pat Clawson, CEO of security products vendor Lumension. "The attackers want to get to the unparalleled access they have to their customers," he says. "Once the antivirus vendors' payloads are compromised, the devastation could be staggering." Such fears explain why the feds recently advised all Americans to disable the compromised Java in their browsers.
Such cyber attacks on U.S. companies and their overseas partners, as well as on the Internet infrastructure, could be as devastating as the 9/11 attacks on the World Trade Center and the Pentagon, warned Leon Panetta, the U.S. Secretary of Defense. And Janet Napolitano, the Secretary of Homeland Security, warned just last week that a cyber 9/11 attack could happen at any time.
Cyber attacks and counterattacks are escalating

With the digital homeland now a cyber battlefield, "the paradigm in the U.S. must shift from defense to offense -- within internationally appropriate rules of engagement, of course. But offense will be necessary because a pure defensive strategy is not sustainable," says the Cyber Security Council's Martinez.