Changes to cyber approach needed, retired U.S. general tells P&C industry

A new approach to combating cyber security risks must be developed, one that incorporates better legislation and defensible architecture, a retired U.S. army general said during the Property/Casualty Insurance Joint Industry Forum in New York.

With the continuous changes in cyber and terrorism risk, the government has the same problems as any industry, a press release Wednesday from the Insurance Information Institute (III) quotes U.S. Cyber Command General Keith B. Alexander as saying during his keynote speech at the forum.

“The amount of unique information will double every two years,” noted Gen. Alexander, who was director of the National Security Agency, Chief Central Security Service with NSA/CSS from 2010 to 2014. Pointing out that technology is changing at phenomenal rates, he told session attendees noted “there are huge changes coming our way, but should we stop and take a rest?”

Explaining that the underlying technology is shifting, “you have criminals stealing and selling data, which is costing US$445 billion a year in cyber crime,” Gen. Alexander pointed out.

The recent attack on Sony represents an example that the problem is that it is not defensible today. “(Hackers) are getting in at the same rate and speed as we are. We need a new approach,” III reports Gen. Alexander as saying.

“What happened to Sony, could happen to others in this country and throughout the world,” he pointed out.

Gen. Alexander advised attendees that the United States must focus on both defensible architecture and cyber legislation. “The government needs to work with industry to understand the landscape and vice versa,” he said. “We need cyber legislation so we don’t leave these companies hanging out there.”

Privacy and liability are real concerns when industry gives data to other firms or the government, Gen. Alexander noted, adding that protections for information sharing need to be developed.

The forum was held the same day that President Obama announced a new legislative proposal, enabling cyber security information sharing.