Former U.S. Army General On Cybersecurity: U.S. Is Great At Offense, But Defense Needs Work

Gen. Jack Keane, a retired four-star general, said the U.S. needs to bolster its cybersecurity efforts or risk a potentially "catastrophic event."

Keane, who served as vice chief of staff for the U.S. Army, spoke to government VARs at XChange Public Sector 2014 in Washington, D.C. Keane said it is "high time" to improve the country's cybersecurity, both from a public sector and private sector perspective, and warned that the U.S. is on a path to a major, preventable cyberattack.

"Cybersecurity is a major problem for us," Keane said. "We have the capability to [improve it]. And the fact of the matter is, we are not doing that, and we are very vulnerable."

[Related: XChange Public Sector 2014 Coverage ]

Sponsored post

Keane described the U.S. financial services and utility industries as particularly vulnerable to cybercriminals and to state-sponsored hacking campaigns.

"Our financial and banking systems, despite our best efforts ... are still vulnerable," he said. "Our entire power utility grid is still vulnerable. Our entire transportation system, air and ground, is vulnerable." What is protected, Keane said, is our military networks and nuclear posture.

Keane also said the U.S. government has far and away the strongest cyberoffense. "We have the No. 1 cyberoffensive capability in the world," Keane said. "It would make your eyes water to know what we can do and what we are doing. That's all I can say about it."

However, Keane said American's overall cyberdefense is woefully lacking, and he warned the audience about threats from Russia and China. "The Russians have the No. 2 [cyberoffensive] capability in the world, and they are formidable," he said. "The Chinese are the most prolific at cyberespionage. They steal intelligence secrets. They steal technology to help harness their military. And they steal intellectual property to advance their businesses."

Keane recommended stronger legislation from Congress to help bring the private sector together with government to bolster cybersecurity efforts. He also said U.S. leadership needs to take a tougher stance against state-sponsored cyberespionage from Russia and China. That said, Keane said the recent indictment of five Chinese People's Liberation Army officers for alleged state-sponsored hacking against the U.S. is a welcome development. "This is a nice first step, an important step given where we are today," he said. "The [Obama] administration deserves credit for taking this on. But we have to see what the follow-through is."

Carmine Taglialatela, vice president of business development at TecPort Soltuions, a government solution provider based in Delaplane, Va., agreed with Keane's call to action for cybersecurity and said better education and training are needed to sharpen security skills in the U.S. "What we need is more training to get people prepared to go into cyberdefense," he said. "It's woefully understaffed."

In addition to more training, Taglialatela said solution providers need to spread awareness of cybersecurity issues with their private and public sector clients. "There's an understanding with customers of how important cybersecurity is," he said, "but there are a lot of commercial customers and publicly traded companies that are fearful of raising the issue because they're hiding and hoping that an attack won't happen to them."