As about 570 computer hackers and anti-hacking experts gather at a conference in Miami this week, a couple of key themes are emerging: The threat of cyber attacks on corporate and government sites is on an ominous rise. And there is a fortune to be made in battling the bad guys.
Banks getting hit with “denial of service” attacks that overwhelm computers, preventing legitimate users from logging on. Healthcare facilities, including the University of Miami Hospital in July, have had confidential patient data snatched from databases.
And even more worrisome, attacks are escalating to new levels, such as a high-profile virus onslaught that damaged 30,000 computers owned by Saudi Aramco, the Saudi Arabian state oil company, in August.
“Pretty much everyone here at the conference could quit their jobs and have another job by the end of the day,” said Gunter Ollmann, vice president of research at Damballa, an Atlanta-based security firm focused on cyberthreats and other remotely controlled criminal threats. “The number of security companies is growing.”
“It’s only growing,” Clem Spriggs, an engineer with Saint Corp., said of the demand for computer security. His data-security firm, based in Bethesda, Md., has a booth at the conference that touts its skills in vulnerability scanning, penetration techniques and compliance reporting.
Hackers Halted, a three-day conference at the Intercontinental Hotel that continues through Wednesday, was organized by EC-Council — an Albuquerque, N.M.-based organization that provides professional certification for “ethical hackers.” The program includes 59 speakers covering cutting-edge topics in cybersecurity, including risks and defense tactics.
The rising chorus of warnings — some from the highest levels of government — suggests that the risk is increasing for a major attack on critical infrastructure, such as electrical grids, communications and banking.
Secretary of Defense Leon Panetta, in a highly publicized speech Oct. 11 to the Council on Foreign Relations, bluntly warned of the risk of a “cyber Pearl Harbor.” He called on Congress to pass comprehensive legislation, such as the bipartisan Cybersecurity Act of 2012.
Recruiters for the U.S. Army Intelligence and Security Command (INSCOM) were on hand Tuesday at the conference, looking at “building an elite team of cyberspace professionals” — a Cyber Brigade, according to a brochure.
“We’re looking for people in industry and the private sector with skill sets and for a number of college kids,” said Mark Smith, a representative of INSCOM.
The effort is the Army’s portion of the U.S. military’s Cyber Command launched in 2010 at Fort Meade, Md., he said.
The conference includes hacking competitions, in which experts face off with laptops to see who can “capture the packet” of data the fastest.
David Willson, an attorney at Titan Info Security Group, a cyber law firm, piqued interest among the crowd at an afternoon session Tuesday with a discussion of what is legally permitted in identifying and fighting back against the bad guys once they have penetrated a computer.
“Cyber security is about to take a major turn,” said Victor Nappe, CEO of South Florida-based SECNAP Network Security, which markets CloudJacket, a managed cybersecurity service.
“There are conversations at the highest level of government as we speak. You guys in this room: You’ve got a career forever.”