The most urgent threat to national security has been swept under the rug, according to speakers at the Greater Baltimore Committee’s annual Economic Outlook Conference on Thursday.
Businesses have become increasingly vulnerable to cyber crimes, they said, as more valuable and sensitive information is stored in online databases or shared networks.
Because U.S. companies are insufficiently protected, they risk losing their status as innovation leaders and are jeopardizing the economic stability of the entire country, said Rep. Mike Rogers, a Michigan Republican who chairs the House Intelligence Committee.
As about 200 business professionals dug into plates of scrambled eggs, Rep. C.A. Dutch Ruppersberger, of Maryland’s 2nd District, told them their companies could be at risk.
“I guarantee some companies here today are being attacked and don’t know it’s happening,” said Ruppersberger, a Democrat and member of the Intelligence Committee.
As the first speaker, Ruppersberger set the tone for the event with vivid descriptions of the damage cyber criminals have inflicted upon U.S. businesses, such as stealing formulas from pharmaceutical companies.
About $300 billion in trade secrets are stolen every year as a result of cyber crime, according to the U.S. Cyber Command, which is headquartered at Fort George G. Meade in Anne Arundel County.
“It’s that serious,” Rogers said. “We are just one day, one event away … from a catastrophic attack in this country. And every day, someone is stealing something of value from you, our business community.”
Under current law, government intelligence agencies cannot share classified information about cyber attacks with private providers, such as Verizon Communications Inc. and AT&T. In April, the Intelligence Committee introduced the Cyber Intelligence Sharing and Protection Act, which would eliminate that restriction.
Controversy about consumer privacy had surrounded the bill because it was considered alongside the Stop Online Piracy Act, which was highly unpopular among civil liberties groups, but it passed the House in April. The Senate is set to debate its own version of the bill, and Ruppersberger said he’s hopeful both houses will be able to find common ground.
The legislation would allow intelligence agencies to share their discoveries of malicious codes with providers.
“They would then take that source code and apply it to their filters,” he said. “As a user, you wouldn’t have a clue one way or another.”
Attendees said they appreciated the Greater Baltimore Committee’s decision to make cybersecurity the theme for this year’s event, as the topic is often ignored because of its complexity.
Barry Budish, vice president of strategic development at Linthicum-based Exceptional Software Strategies Inc., said because cybersecurity is one of his areas of expertise, he understands the importance of making sure other businesses take it seriously.
“I think there is a cyber war, there is a threat out there,” he said. “And companies and individuals need to be aware of it and do what they can.”
Even though Budish is familiar with cyber crime because of his field, he said he was surprised to learn about the threat’s magnitude and to see the general “lack of awareness” among the public.
George M. Schu, senior vice president of Booz Allen Hamilton, underscored the economic impact of a single data breach — the average cost for one company is $5 million, he said, adding that it’s still unknown how many such incidents actually happen.
A large coordinated cyber attack, he said, would be far more debilitating. He said companies should take a more comprehensive approach to increasing their preparedness.
“To do cybersecurity right, you have to address people, processes and technology,” he said. “We’re looking at a totally new way of getting the cybersecurity posture of an enterprise up and functioning. The threat is pernicious and evolving. It’s getting worse every time we see it.”
Despite the sobering statistics revealed throughout the conference, the mood stayed generally light-hearted. Speakers poked fun at their own political careers and joked with sleepy audience members, but they made their message loud and clear.
“We figure, if we can’t sleep at night,” Rogers said, “neither should you.”