General Michael Hayden former CIA and NSA Director

General Hayden's CyberSecurity Advice to Business Leaders

May 20, 2014
How manufacturing leaders can protect their businesses from cyber-threats.

With yesterday's announcement that the U.S. has indicted five Chinese military hackers for economic espionage and other offenses directed at U.S. industries, the comments of General Michael Hayden, former CIA and NSA Director, to executives attending last week's MAPI Executive Summit resonates.

Gen. Hayden: "cyber biggest deal since discovery of Wstrn Hmsphre, changes every aspect of life." #MAPIsummit." pic.twitter.com/JgwqK0ng61

Indeed, the indictment, the first-ever prosecution of state actors over cyber-espionage, might come as a surprise to attendees. General Hayden noted the tightrope on which the U.S. government balances as it attempts to deal with cybersecurity, especially with China--and especially following Snowden leaks alleging that the U.S. hacked Tsinghua University in Beijing.

Initial response to the charges support Hayden's assessment:

"The U.S. wants to send a message to Beijing that industrial espionage is not fair game -- that's the real point behind criminal charges against five Chinese hackers, analysts say," asserts a report on cnbc.com.

"I would be surprised if this goes all that much further. I think that Washington is trying to send a message that says 'hey we're onto you guys,'" Alexander Kliment, director at the Eurasia Group, told CNBC.

"It would be very difficult for the U.S. to substantially change Chinese behavior in this area without a massive escalation in these charges or a broadening of those charges that could really start to affect the economic interests of the U.S.," he added.

Three Steps to a Secure Network

To combat the threat, Hayden advises companies to protect themselves at three levels:

1. Defend at the wire: The widely applied defense, says Hayden, is to practice good cyber-hygiene. This includes strong system administration, firewalls, virus software, and strong passwords.

This approach, he says, would--"if you do it perfectly, and you won't--wipe out the less capable 80% of all the attacks you would face."

2. Counter breaches: The next level of protection is to "ensure resilience upon attack, to keep going even if you've been attacked," Hayden says. This level, assumes the "presumption of a breach." He adds, "If you're a lucrative target, and if a really talented adversary wants to, they're penetrating your network."

Hayden notes that with this approach you "wrap your most precious data more tightly and be aware of when they are getting in." It employs intimate knowledge of how your network works, and often deploys big data to continuously monitor your network, checking for anomalies that suggest a breech, and then countering it.

3. Identify Future Threats: A higher level of protection is to conduct cyber-threat intelligence, which, instead of defending against the abstract, defends against the specific. By conducting cyber-threat intelligence, you go out and get the intelligence... it's these specific people, coming after you in this specific way, and they're coming for this, Hayden asserts.

With this approach, companies use tools like web crawling, port scanning, infiltrating chat rooms, and other intelligence gathering methods. "It's not intelligence-like or intelligence-lite," declares Hayden. "It's no-fooling intelligence."

A fourth level, cyber-insurance, is not quite fully defined, says Hayden. With cyber-insurance, the idea is to share the cyber-threat risk with others. "What's the model for cyber-insurance?" asks Hayden. Among other ideas, it is "insuring you against the loss of your data, the loss of your network and your losing everyone else's data (the class action)."

About the Author

Patricia Panchak Blog | Editor-in-Chief

Focus: Competitiveness & Public Policy

Email: [email protected]

Follow on Twitter: @PPanchakIW

Call 216-931-9252

In her commentary and reporting for IndustryWeek, Editor-in-Chief Patricia Panchak covers world-class manufacturing industry strategies, best practices and public policy issues that affect manufacturers’ competitiveness. She delivers news and analysis—and reports the trends--in tax, trade and labor policy; federal, state and local government agencies and programs; and judicial, executive and legislative actions. As well, she shares case studies about how manufacturing executives can capitalize on the latest best practices to cut costs, boost productivity and increase profits.

As editor, she directs the strategic development of all IW editorial products, including the magazine, IndustryWeek.com, research and information products, and executive conferences.

An award-winning editor, Panchak received the 2004 Jesse H. Neal Business Journalism Award for Signed Commentary and helped her staff earn the 2004 Neal Award for Subject-Related Series. She also has earned the American Business Media’s Midwest Award for Editorial Courage and Integrity.

Patricia holds bachelor’s degrees in Journalism and English from Bowling Green State University and a master’s degree in Journalism from Ohio University’s E.W. Scripps School of Journalism. She lives in Cleveland Hts., Ohio, with her family.  

Sponsored Recommendations

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!