If hackers are the modern-day version of barbarians at the gate, then consider a group of San Diegans as the people shoring up the city walls and defending the perimeter.
“San Diego could be one of the hottest areas of the world when it comes to cybersecurity,” said Darin Andersen, an executive with Norway-based Norman Data Defense Systems, who spends a third of his time in San Diego.
“Important” is the adjective Ruben Barrales uses when describing cybersecurity’s place in the region’s technology sector. Barrales is CEO of the San Diego Regional Chamber of Commerce.
The bayside city is home to Spawar, the U.S. Navy’s information technology command. It was the first city to get an FBI cyber forensics lab; now there are more than a dozen. UC San Diego and San Diego State University augment the region’s computer security talent. And San Diego is the American base for ESET, an antivirus company with 180 local employees.
There may be more to come.
Andersen said San Diegans are making an effort to create a center for cybersecurity excellence, similar to one on the East Coast. This year, the federal government contributed $10 million to a public-private center of excellence in Gaithersburg, Md.
Symantec Corp., the company behind the Norton brand of antivirus products, recently estimated that the annual worldwide cost of cyber crime was $388 billion. Monetary losses were $114 billion during the 12-month period studied. Symantec’s pollsters also asked 19,000 people about the value of their lost time. From that, the company calculated a total value of lost time at $274 billion.
Cyber threats are many. There are people out to steal corporate or state secrets, often with the help or approval of foreign governments.
Intellectual property forms the “crown jewels” of many companies, Andersen said, so thieves go after information on the latest hardware or software, compounds poised to be the next blockbuster drug, or bids being prepared for oil and gas development.
Growing in prominence are attacks on industrial computing systems. Nuclear plants, water systems, electrical grids, financial institutions, and other pieces of the civil infrastructure have systems that could be vulnerable to viruses, Andersen said.
A very sophisticated computer virus called Stuxnet hit Iran recently. News reports said it took down centrifuges that were purifying uranium for that country’s nuclear projects.
CBS News’ “60 Minutes” program said the Stuxnet virus was able to get into secure computers by traveling on an infected thumb drive. The virus was then able to control the variable-speed motors on the centrifuges so the machines tore themselves apart. Operators were none the wiser: The infected computer told them that all was well.
Stuxnet could usher in a new era of attacks on critical infrastructure, the CBS report said.
Computer controls for industrial systems are known as Scada systems (Scada stands for supervisory control and data acquisition). Andersen said his company recently announced a Scada protection product — one that evaluates the system in front of and behind the computer controller. “We’ve been overwhelmed” at the response, he said.
“This area has really lit up” in the 12 months since stories of the Stuxnet attack went public, he said.
World militaries have grown to depend on computers, so hacking is another way to wage war.
SAIC is one company offering computer security to Spawar, the Navy’s Space and Naval Warfare Systems Command. Robert Giesler, a Maryland-based executive working on cybersecurity, named electronic key management one of the areas where SAIC assists its Navy customers in the San Diego region. Electronic key management refers to codes.
Kevin McNally is program manager for the Navy’s San Diego-based Information Assurance and Cyber Security Program Office, which provides computer security to sailors deployed in hostile waters.
“The cyber threat changes rapidly and requires us to be more flexible in fielding computer network defense capabilities,” McNally said by email.
The prime opportunity for defense contractors, McNally said, is “to provide cybersecurity capabilities that can be implemented and then evolve at cyber-speed — not the traditional military systems acquisition pace.”