Changes in Cyber Risk Mean “We Need A New Approach,” Says General Keith Alexander At Joint Industry Forum

FOR IMMEDIATE RELEASE
New York Press Office: (212) 346-5500; media@iii.org

NEW YORK, January 14, 2015 — Cyber and terrorism risks are changing—and the government has the same problems as any industry, according to General Keith B. Alexander, U.S. Army (Ret.) and former Commander, U.S. Cyber Command, the keynote speaker at the Property/Casualty Joint Industry Forum, held here.

Gen. Alexander, who was director, National Security Agency, Chief Central Security Service with NSA/CSS from 2010 to 2014, noted that technology is changing at phenomenal rates. “The amount of unique information will double every two years,” he said.  “There are huge changes coming our way, but should we stop and take a rest?”

Gen. Alexander referenced IBM’s Watson, the artificially intelligent computer system that has changed technology. “Watson is capable of answering questions and can beat humans at Jeopardy,” he said. “They took Watson and adapted it to go after the most lethal form of brain cancer. If you were diagnosed with a certain type of brain cancer, it metastasized so quickly, all the information changed,” he said. “Using Watson, they were able to diagnose the type of cancer and its treatment in nine minutes instead of 30 days.”

Gen. Alexander also mentioned new changes in the mapping of the human gemone, which tells the probability of getting certain diseases. “It holds the secret to how we will solve these diseases—so we can’t stop,” he said, adding, “but with these great opportunities there are many vulnerabilities.”

Looking at the issue of hacking, Gen. Alexander noted that Estonia is more wired than the U.S., but is also vulnerable to hacking, and that Georgian banks were hacked in October 2008 during its war with Russia. He also mentioned the wiper virus that took place in 2012 where data in 30,000 systems was affected. “In March 2013, South Korea was hit with the same version of the wiper virus as Sony.”

Gen. Alexander pointed out that the underlying technology is shifting. “You have criminals stealing and selling data, which is costing $445 billion a year in cybercrime.”

Referencing the hacking of Sony, Gen. Alexander said that the problem is that it is not defensible today.  “(Hackers) are getting in at the same rate and speed as we are. We need a new approach.”

Gen. Alexander noted that there are two areas the U.S. needs to focus on: defensible architecture and cyber legislation. “The government needs to work with industry to understand the landscape and vice versa. You can’t have Sony inciting something against North Korea. We need cyber legislation so we don’t leave these companies hanging out there.”

Gen. Alexander noted that privacy and liability are real concerns when industry gives data to other firms or the government and that protections for information sharing need to be developed. “We can come up with ways to protect our network far beyond what we’re doing today, Gen. Alexander noted.  “We’re the country that created the Internet; we should be the ones to protect it.”

Gen. Alexander pointed out that industries are prevented from sharing some forms of data with each other or the government under the 1986 Electronic Communications Privacy Act. “If the government gives someone information that might backfire—who’s liable, the government or the industry?”

Forum participants asked whether any legislation was being drafted. Gen. Alexander said the House did pass a bill, but that it needs to be re-done with a new Congress. “The issue of liability is important to you as an industry and you should be involved in some of those discussions,” he said. “We’ve got to have the right set of liability issues, do something to protect networks.”

The same day the Forum was held, President Obama announced a new legislative proposal, enabling cybersecurity information sharing.

“The issue is, for the president or any decision maker, what’s the most efficient and effective way to stop a war, to keep countries from fighting and what tools and capabilities do you have to do that? Republicans and Democrats look at this the same. They look at all our capabilities and in the future, cyber will be melded into it. What happened to Sony, could happen to others in this country and throughout the world.”

The Property/Casualty Insurance Joint Industry Forum was created to provide leaders from the widest spectrum of the industry with an opportunity to meet with each other in discussion of topics of general interest. Participants included nearly 250 representatives from property/casualty insurance and reinsurance companies and organizations. Of these, roughly 40 percent responded to the survey.

The sponsoring organizations of the Forum represent a broad range of insurance interests and audiences. They include: ACORD, American Insurance Association, the Association of Bermuda Insurers and Reinsurers, The Geneva Association, Insurance Institute for Business & Home Safety, Insurance Information Institute, Insurance Institute for Highway Safety, International Insurance Society, National Association of Mutual Insurance Companies, National Council on Compensation Insurance, National Insurance Crime Bureau, Property Casualty Insurers Association of America, Property & Liability Resource Bureau, Reinsurance Association of America, The Institutes and Verisk Analytics.

THE I.I.I. IS A NONPROFIT, COMMUNICATIONS ORGANIZATION SUPPORTED BY THE INSURANCE INDUSTRY.

Insurance Information Institute, 110 William Street, New York, NY 10038; (212) 346-5500; www.iii.org