GovSecurity Government Security Business & Procurement » News

New technology’s role in enhancing airport security

Travis Wheeler — Mon, 23 Jan 2012 17:00:25 +0000

After September 11, 2001, the United States began instituting an array of security measures intended to prevent future terrorism. However, an analysis of measures in place at the nation’s airports reveals that much work remains to be done. Bluntly put, would-be terrorists are still capable of gaining access to U.S. critical infrastructure.

The problem becomes clearer by spotlighting details of high-profile terrorism cases. Consider the ease with which the 9/11 hijackers gained access to planes that morning. The box-cutter knives they carried were permitted on board because, at the time, any knife with a blade up to four inches long was permitted on domestic flights.

Just as important, some hijackers lacked a valid, U.S. Government-issued identification card. These Al Qaeda members were allowed to board their planes anyway.

Next, consider “shoe bomber,” Richard Reid, who was permitted to board an American Airlines flight in Paris on December 22, 2001, wearing plastic explosives in his shoes. He was allowed to board despite his having been prevented from flying the previous day due to his unwillingness to answer all of the passenger screener’s questions, and despite the fact that he did not check any luggage.

In December 2009, Umar Farouk Abdulmutallab tried detonating plastic explosives in his underwear while on a Northwest Airlines flight en route from Amsterdam to Detroit. A month prior, Abdulmutallab’s father had expressed concerns over his son’s drift toward religious extremism to CIA officers at the U.S. Embassy in Abuja, Nigeria. Although Abdulmutallab’s name was added to one watch list — the Terrorist Identities Datamart Environment — it was not on the U.S. no-fly list, nor was his U.S. visa revoked.

More recently, Times Square bomber Faisal Shahzad successfully boarded an Emirates flight at Kennedy International Airport bound for Dubai before being detained shortly prior to takeoff. He had been placed on the no-fly list earlier in the day, but the airline did not check the list when Shahzad made a reservation, nor when he purchased his ticket with cash. A routine post-boarding check did identify him as being on the list, leading to his arrest.

Despite the varying circumstances involved in these incidents, they might never have occurred if certain security measures involving new technology had been in place.

The “no fly” list, created and maintained by the U.S. Government, consists of names of individuals who are barred from boarding commercial aircraft for travel into or out of the country. Created soon after 9/11, its use has stirred controversy for incidences of false positives, in which law-abiding citizens have been mistakenly detained. Additionally, the list played a prominent role in the incidents involving Abdulmutallab and Shahzad. What good is such a list, critics rightfully ask, if it fails to keep such people from boarding planes?

Although the officials charged with checking the no-fly list may be lax in their duties, technology currently exists to perform such checks efficiently. Electronic devices have been developed that can scan a passenger’s ID card (e.g., a driver’s license or military ID card) at the boarding gate, validate its authenticity, determine whether it is lost or stolen, and check whether the bearer’s identity is included on a watch or terrorist list.

For example, the Defense ID system, developed by Intellicheck Mobilisa Inc., consists of a handheld device that reads barcodes and magnetic stripes on various forms of ID cards. By scanning and comparing the information to more than 140 “bad guy” and FBI Watch databases, Defense ID can determine in the space of a few seconds if the ID is fake, if it has been reported lost or stolen, if the individual presenting it has any outstanding wants and warrants, and if the individual is on an authorized roster of previously cleared personnel. In addition, Defense ID has photo-capture, incident recording and manual search capabilities. It could easily be adapted to check the federal “no fly” list.

Cutting-edge verification technology alone will not guarantee the safeguarding of airports against potential terrorist attack, unless the technology is implemented wisely. Keeping potential terrorists away from secure areas in airports, or aircraft, requires an ambitious level of oversight. At airports, security will be maximized only when the implementation of ID readers is complete.

John F. Kennedy International Airport, out of which Faisal Shahzad nearly managed to fly, has eight terminals and 14 security checkpoints. Yet the expense of fully implementing ID scanning technology at those checkpoints has been estimated to cost as little as $1.5 million. For the price of a few full-body scanning machines, the State of New York could deploy technology that would screen people against the “no fly” list before they ever boarded an aircraft.

In the future, the fast-evolving science of biometrics will render the use of fake or stolen IDs even less feasible. One can envision a technology in which a passenger’s fingerprint is scanned at the boarding gate and instantly checked against a “no fly” database. Another innovation would be the use of a single universal database consisting of names of individuals of interest, updated in real time, and accessible at all security checkpoints. This would be designed to eliminate oversights, such as that which occurred in the case of Abdulmutallab, whose name appeared on one watch list but not another.

Full article by Steve Williams, Government Security News

ICE says public tip line generates investigative leads

Travis Wheeler — Thu, 19 Jan 2012 16:45:51 +0000

Immigration and Customs Enforcement’s public tip lines have become a valuable source of investigative leads, said the agency on Jan. 18.

The agency said a tip called in to the line helped close down a human smuggling ring in Austin, TX, where illegal aliens were taken from their home country without their consent and held by smugglers for ransom until family members paid exorbitant smuggling fees. It also said tips helped find and arrest a violent MS-13 gang member, who was in the country illegally, was living and working near Silver Spring, MD.

ICE Homeland Security Investigations (HSI) Tip Line (866) DHS-2-ICE (866-347-2423), received nearly 172,500 reported tips in 2011. On the receiving end of the calls are a team of special agents, intelligence research specialists and law enforcement specialists, said ICE. All are highly trained in a number of laws related to worksite enforcement, document and benefit fraud, intellectual property rights, money laundering, drug smuggling, child pornography and human trafficking.

The public can provide information on a wide variety of criminal activity, from terrorism, drug smuggling, money laundering, and human trafficking to import/export violations, child exploitation, document and benefit Fraud, gang-related crimes, intellectual property rights violations and worksite enforcement.

The capabilities are based at ICE’s Law Enforcement Support Center (LESC) in Williston, VT, which provides law enforcement across the country information on the immigration status and identity of individuals who have been arrested or are under investigation for criminal activity.

LESC technicians can access a wide range of databases and intelligence sources. The facility also analyzes and disseminates information received from the public about suspicious or criminal activity.

At the end of fiscal 2011, the tip line expanded its operations with an online form. Since its launch, more than 1,500 individuals have logged onto ice.gov/tips to report suspicious criminal activity, said ICE.

“When reporting a crime, a person should report the nature of the crime and be specific and detailed as possible,” said David Palmatier, tip line unit chief. “If we have more details, we can more efficiently investigate a tip.”

Callers can expect minimal wait times to speak to a tip line specialist, said the agency and average phone calls take less than five minutes to complete. The ICE HSI Tip Line is open 24 hours a day, seven days a week.

Full article by Mark Rockwell, Government Security News

What’s ahead in 2012 for cloud, mobile apps, cyber?

Travis Wheeler — Wed, 18 Jan 2012 00:17:50 +0000

Expect disruptive technologies – cloud computing, mobility, social computing, big data and smart analytics, IT appliances, and cybersecurity – to become more tightly woven into mission-critical systems and processes in 2012 as government and private organizations look for ways to innovate and also operate more cost efficiently.

That’s one of Unisys’ predictions for 2012 based on its work with clients around the world.

Among the company’s predictions: Cloud computing will continue to be the top IT investment priority in 2012.

Both government agencies and businesses in 2012 will accelerate their use of cloud-based software-as-a-service (SaaS) for e-mail and collaboration solutions, to further reduce costs and simplify operations, the findings said.

Organizations will begin the process of broadly assessing their applications portfolio to take greater advantage of cloud-computing opportunities.

Also, they will make greater use of new mobile device and application-management tools to better manage their agencies and businesses.

In addition, more organizations will implement predictive security operations as cyber threats grow in number and sophistication. Dedicated analysts and advanced data-analytics software will identify threats before they cause significant damage, the study found.

According to the Unisys findings, we can expect to see the creation of protected silos within data operations to prevent access to sensitive information in cases where their network perimeters have been breached.

As mobile devices are proliferating, increasingly becoming the new computing platform of choice for employees and customers, it is becoming the preferred channel for doing business.

Unisys predicts that IT organizations will devote significant resources in 2012 toward developing new applications and reengineering business processes to take advantage of this growing opportunity.

Full article by David Hubler, Washington Technology

Technical Communities Breaks Sales Records for 2011

Ali Cheung — Tue, 10 Jan 2012 23:51:50 +0000

Technical Communities, Inc., the company technical organizations who sell to the government rely for proven contracting, marketing and sales solutions, broke its all-time annual sales record in 2011.

All Technical Communities’ revenue categories achieved record results, including test, laboratory, medical, information technology and direct marketing. This is the eighth of the past nine years where the company showed year over year sales growth.

The privately held company also now has a record number of partnerships with 120+ technical companies. In addition to service offerings, the company holds and manages multiple federal, state and local government contracts. It is owner and operator of industry leading online marketplaces that focus on the U.S. government agencies, military organizations and prime federal contractors. They include ecommerce sites gsamart.com and testmart.com and the govcontractsmagazine.com government-focused content network.

“We are very excited to announce these results for 2011. It was Technical Communities’ focus on our partners’ needs, expertise in reaching government customers and successful management of multiple GSA Schedules that helped us achieve record sales and partnerships,” said Peter Ostrow, Technical Communities, Inc. President and CEO.

Technical Communities continues to add partners, product lines and services that solve problems and focuses on government customers. The company regularly sells to more than 1,400+ U.S. government, military and prime federal contractor buying organizations and has reach into the 1+ million prospects in its proprietary database.

For the fourth year in a row, Technical Communities was named to Inc. Magazine’s list of the fastest growing private companies in America.

Top finds at TSA checkpoints in 2011 include more than 1,000 guns and C4

Travis Wheeler — Fri, 30 Dec 2011 17:12:17 +0000

The Transportation Security Administration has found 1,200 guns, snakes, C4 explosives and inert landmines in the past year at airport checkpoints around the country.

The agency listed its “Top Ten” finds of the year on its Web site on Jan. 2. The most significant discoveries, it said, not only included dangerous items like edged weapons, loaded guns and explosives, but offbeat things such as science experiments that look like bombs and live animals.

“Some are dangerous, some simply look dangerous and can cause major delays, and others are just plain weird,” said the post.

The site termed the discovery of small chunks of C4 military explosives found in the bags of a U.S. Army Private at Yuma International Airport in Arizona last July as the number one find of the year by its security agents. The half ounce of explosive was found in the checked bag of a 19-year-old soldier, concealed in a tobacco can. TSA said its agents made the discovery in the checked bag using an Explosive Trace Detection (ETD) test. The private, Christopher Wey, was subsequently charged with attempting to carry an explosive on an aircraft and transportation of a stolen explosive. TSA said he was apparently bringing the material home to show his parents and officials had said he had no apparent intent to harm anyone.

Although it didn’t make the top ten list as the discovery happened on the last day of 2011, TSA agents made a similar find at a Texas airport. On New Year’s Eve, TSA agents detected explosives in the bags of another travelling soldier. The FBI arrested Trey Atwater, of Hope Mills, N.C., on Dec. 31, while he was going through security at Midland Airport in Texas. The FBI said they arrested Atwater on charges of attempting to carry concealed explosives onto an aircraft. Atwater has claimed he used the explosives as a demolition expert while serving in Afghanistan, but didn’t know they were still in his bag. Atwater had also been detained days earlier at the Fayetteville, N.C., airport after security agents found a military smoke grenade in his carry-on bag.

The second top find on the agency’s list included the discovery of a loaded .380 pistol strapped to the ankle of a passenger passing through a check point in Detroit Metro Airport on Dec. 13. The 76-year-old passenger, said the agency, forgot the pistol was there.

The third top find was the total number of guns found during the year at checkpoints across the country. The agency said it found over 1,200 firearms, some loaded or with rounds in their chambers. For the most part, TSA accounted for the discoveries as passengers’ forgetting their presence in luggage.

The agency also noted that it found knives concealed in a book in a passenger’s bag at Washington National, as well as inert landmines in bags at Salt Lake City airport, a stun gun disguised as a smart phone in Los Angeles, a flare gun and seven live flares in Norfolk, as well as assorted live snakes, turtles, birds and fish concealed in luggage at Miami and Los Angeles.

Full article by Mark Rockwell, GSN Magazine

McAfee’s predictions of top cyber threats in 2012

Travis Wheeler — Wed, 28 Dec 2011 17:22:39 +0000

The list indicates that emerging threats from 2011 are on track to become the major players for cyber activity in 2012, including mobile banking, “legal” spam and virtual currency. McAfee Labs also predicts that attacks involving political motivation or notoriety will also make headlines, including high-profile industrial attacks, cyber warfare demonstrations and hacktivist attacks targeting public figures.

“Many of the threats that will become prominent in 2012 have already been looming under the radar in 2011,” said Vincent Weafer, senior vice president of McAfee Labs. “Over the past year, the general public has become more aware of some of these risks, such as threats to critical infrastructure or the impact of hacktivism, as they gain international media attention. In the meantime, we continue to see cybercriminals improving their toolkits and malware and are ready to make a significant impact in 2012.”

McAfee Labs Threat Predictions for 2012:

( 1 ) Industrial attacks: Cyber criminals target utilities

Water, electricity, oil and gas are essential to people’s everyday lives, yet many industrial systems are not prepared for cyber attacks. Many of the environments where SCADA (supervisory control and data acquisition) systems are deployed don’t have stringent security practices. As with recent incidents directed at water utilities in the U.S., attackers will continue to leverage this lack of preparedness, if only for blackmail or extortion in 2012.

( 2 ) Advertisers will “legalize” spam

McAfee Labs has seen a drop in global spam volumes in the past two years. However, legitimate advertisers are picking up where the spammers left off, using the same spamming techniques, such as purchasing email lists of users who have “consented” to receive advertising or purchasing customer databases from companies going out of business. McAfee Labs expects to see this “legal” spam, and the technique known as “snowshoe spamming,” to continue to grow at a faster rate than illegal phishing and confidence scams.

( 3 ) Mobile threats: Attackers will bypass PCs

2011 saw the largest levels in mobile malware history. In 2012, McAfee Labs expects for mobile attackers to improve on their skill set and move toward mobile banking attacks. Techniques previously dedicated for online banking — such as stealing from victims while they are still logged on, while making it appear that transactions are coming from the legitimate user — will now target mobile banking users. McAfee Labs expects attackers will bypass PCs and go straight after mobile banking apps, as more and more users handle their finances on mobile devices.

( 4 ) Embedded hardware: The promised land for sophisticated hackers

Embedded systems are designed for a specific control function within a larger system and are commonly used in automotive, medical devices, GPS devices, routers, digital cameras and printers. McAfee Labs expects to see proofs-of-concept codes exploiting embedded systems to become more effective in 2012 and beyond. This will require malware that attacks at the hardware layer, and will enable attacks to gain greater control and maintain long-term access to the system and its data. Sophisticated hackers will then have complete control over hardware.

( 5 ) Hacktivism: Joining forces online and on the front lines

McAfee Labs predicts that in 2012, either the “true” Anonymous group will re-invent itself, or die out. Additionally, those leading the digital disruptions will join forces with physical demonstrators, and will target public figures, such as politicians, industry leaders, judges and law enforcement, more than ever before.

( 6 ) Virtual currency: A cyber criminal payment plan

Virtual currency, sometimes called cyber currency, has become a popular way for people to exchange money online. These online “wallets” are not encrypted and the transactions are public, making them an attractive target for cyber criminals. McAfee Labs expects to see this threat evolve into spam, data theft, tools, support networks and other associated services dedicated solely to exploiting virtual currencies, in order to steal money from unsuspecting victims or to spread malware.

( 7 ) Cyber war: Flexing its muscles

Countries are vulnerable due to massive dependence on computer systems and a cyber defense that primarily defends only government and military networks. Many countries realize the crippling potential of cyber attacks against critical infrastructure, such as water, gas and power, and how difficult it is to defend against them. McAfee Labs expects to see countries demonstrate their cyber war capabilities in 2012, in order to send a message.

Full article by GSN Magazine

December is critical infrastructure protection month

Travis Wheeler — Wed, 30 Nov 2011 16:39:50 +0000

President Obama signed a proclamation on Nov. 30 declaring December 2011 as “Critical Infrastructure Protection Month,” adding that cyber security remains a key part of that protection.

From irrigation to the Internet, said the president, the U.S.’s critical infrastructure supports an incredible array of services and industries that are essential to our continued success and prosperity. “This month, we affirm the fundamental importance of our critical infrastructure and recommit to preparing for, responding to, and recovering from hazardous events and emergencies efficiently and effectively,” he said, adding his administration is “resolute” in its dedication to a safe, secure future.”

Natural disasters, pandemic diseases, and acts of terrorism are serious risks to infrastructure and the nation needs to be prepared for them, he said. To that end, the federal government is “fortifying our partnerships with state, local, territorial, and tribal governments to close gaps in our protection programs and promote collaboration at all levels of government,” he said. The federal government is also engaging a wide variety of private stakeholders, including critical infrastructure owners and operators, to expand and reinforce critical infrastructure protection.

He noted that the Department of Homeland Security’s “If You See Something, Say Something” campaign, has engaged individual citizens and communities across the country to help improve public safety. “All of us have a role to play in strengthening our national security, and together, we are taking steps to foster a culture of resilience,” he said.

A large part of that resilience, he said, including the safety of transportation networks, electricity grid, financial systems, and other assets and infrastructure, relies on cyber security. “Cybersecurity remains a priority for my Administration, and we are committed to protecting our critical infrastructure by taking decisive action against cyber threats,” he said. “To ensure the safety of our most vital operations, we are working to give public and private organizations the ability to obtain cyber security assistance quickly and effectively. These efforts will bolster our ability to withstand any attack, whether virtual or physical,” he added.

Full article by Mark Rockwell, GSN Magazine

Napolitano stresses international partnerships, aviation and cyber security on overseas trip

Travis Wheeler — Wed, 30 Nov 2011 16:32:00 +0000

Secretary of Homeland Security Janet Napolitano told French military and security agencies on Dec. 2 that international partnerships are key to security efforts worldwide.

In remarks to her international counterparts at the École Militaire in Paris on the importance of strong international partnerships, Napolitano highlighted DHS’ commitment to working with France and other European partners to enhance international security.

Napolitano is on a worldwide travel swing that will take her to Europe and the Middle East in the next week.

“In our globalized economy, our international partnerships are critical to our nation’s domestic security, and strong international engagement and cooperation is essential,” said Napolitano at the Ecole Militaire. “DHS is committed to working closely with our allies and partners who face common threats to build a more secure and resilient nation while strengthening the commerce, travel, and communication networks that we all share.”

Napolitano also underscored the DHS’ international security efforts, emphasizing the full range of threats the United States and its international partners face including terrorism and organized crime, including narcotics smuggling and human trafficking; proliferation of chemical, biological, radiological, or nuclear weapons; and emerging threats in cyberspace. She said DHS has more than 1,500 employees stationed abroad in 75 countries working bilaterally with nations and other major multilateral bodies and organizations to strengthen the security of the networks of global trade and travel.

While in Paris, Napolitano and US Attorney General Eric Holder met with French Minister of the Interior Claude Guéant to talk about strengthening aviation security and information sharing to combat terrorism. They endorsed the US-EU Agreement on the Use and Transfer of Passenger Name Records, recently initialed in Paris on Nov. 17 by DHS Deputy Secretary Jane Holl Lute and Director Reinhard Priebe of the European Commission. They encouraged other member states of the European Union and the European Parliament to expedite approval of the agreement.

According to DHS, Napolitano also met bilaterally with Secretary General Francis Delon and the French Minister of Justice Michel Mercier to amplify the efforts of the Departments of Homeland Security, Justice and State to adopt the Preventing and Combating Serious Crime (PCSC) Agreements—underscoring the critical increase of information sharing capabilities for Visa Waiver Program participating countries to help prevent terrorism and transnational crime.

Napolitano also met with members of the American Chamber of Commerce in Paris where she talked about the department’s role in cyber security. The US and France participate in a standing US-EU Working Group on Cybersecurity and Cybercrime that focuses on enhancing public-private partnerships, raising awareness about cyber threats, combating cybercrime, and protecting critical infrastructure and intellectual property.

Full article by Mark Rockwell, GSN Magazine

Cloud security: Better than we think?

Travis Wheeler — Mon, 14 Nov 2011 17:06:40 +0000

Cloud computing has flunked a security test, reports Tim Wilson at Dark Reading. That probably doesn’t surprise you. Conventional wisdom says clouds are inherently insecure.

But are they? Or are clouds actually more secure than conventional IT environments? A growing number of technologists are making that argument. And they’re not cloud vendors or marketers or startups who have placed their bet on the cloud. They’re some of the senior-most technology officials in government, including those from intelligence agencies and the military, which might be the last place you’d expect to hear such talk.

The list of execs touting the security advantages of the cloud has grown to include federal CIO Steven VanRoekel; Gen. Keith Alexander, head of both the National Security Agency and U.S. Cyber Command; CIA CTO Gus Hunt; NIST security researchers Peter Mell and Dr. Ronald Ross; and former NSA director Adm. Mike McConnell.

Their comments on cloud security are often accompanied by the caveat, “if you do it right.” In other words, cloud security only happens through a combination of vigilance, best practices, and technology, including encryption, patching, and monitoring.

The shift to the cloud is an opportunity to rethink security from the ground up, to re-architect networks and data centers in a way that closes existing gaps. The feds are helping agencies do this with a growing body of guidance such as NIST’s 68-page document on cloud security and controls required as part of the forthcoming FedRAMP security authorization program.

CIA CTO Hunt talks about periodically and automatically moving workloads and reimaging machines as a way of creating a “polymorphic attack surface” that confuses would-be attackers, as they won’t know what’s running on which physical server at any point in time.

Hunt’s not some IT lightweight, and the CIA can’t afford to be cavalier about the security of its data and systems. “We’re paranoid for a reason,” Hunt told the audience at InformationWeek’s GovCloud 2011 event in October. “They really are out to get us. And I’m not kidding about this, when secrets leak out, people die.”

Alexander says cloud computing can improve patching across a network and bring other benefits. “You have better visibility and situational awareness,” he said at a recent event hosted by the Defense Advanced Research Projects Agency. “More importantly, if you were to watch how we push out [patches] today, you would laugh or cry because it takes months. We need a dynamic way to do it, and the cloud lets us do it much quicker.”

These concepts apply primarily to private, not public, clouds. Even so, NIST’s Mell, one of the creators of the FedRAMP program, has argued that entrusting data to the world-class engineers at Amazon, Google, and Microsoft may be more secure than hosting the data in your own data center.

Not everyone is ready to buy into this line of thinking, of course. At a recent cybersecurity event in Baltimore, some attendees scoffed at Alexander’s take on cloud security. Their counterargument: Consolidation and virtualization might make an IT environment more manageable, but they also create a bigger target for social engineering and other forms of attack.

And NIST, despite the optimism of its cloud researchers, offers its own words of warning. “The cloud computing environment presents unique security challenges,” NIST writes in its recently released “cloud roadmap” document. “The architecture, potential scale, reliance on networking, degree of outsourcing, and shared resource aspects of the cloud computing model make it prudent to reexamine current security controls.” Prudent? That’s too soft. IT pros that don’t pay close attention to security controls in the cloud are putting their organizations at extreme risk.

Done right, however, clouds may be more secure than old-style data centers. That’s the view of influential IT leaders within the government’s intelligence, defense, and civilian agencies. Maybe it’s time to think more about the potential security benefits of the cloud, and not just about all that can go wrong.

Full article by J. Nicholas Hoover, InformationWeek

Cyber weaknesses should deter US from waging war

Travis Wheeler — Sun, 30 Oct 2011 22:53:58 +0000

America’s critical computer networks are so vulnerable to attack that it should deter U.S. leaders from going to war with other nations, a former top U.S. cybersecurity official said Monday.

Richard Clarke, a top adviser to three presidents, joined a number of U.S. military and civilian experts in offering a dire assessment of America’s cybersecurity at a conference, saying the country simply can’t protect its critical networks.

Clarke said if he was advising the president he would warn against attacking other countries because so many of them — including China, North Korea, Iran and Russia — could retaliate by launching devastating cyberattacks that could destroy power grids, banking networks or transportation systems.

The U.S. military, he said, is entirely dependent on computer systems and could end up in a future conflict in which troops trot out onto a battlefield “and nothing works.”

Clarke said a good national security adviser would tell the president that the U.S. might be able to blow up a nuclear plant somewhere, or a terrorist training center somewhere, but a number of countries could strike back with a cyberattack and “the entire us economic system could be crashed in retaliation … because we can’t defend it today.”

“I really don’t know to what extent the weapon systems that have been developed over the last 10 years have been penetrated, to what extent the chips are compromised, to what extent the code is compromised,” Clarke said. “I can’t assure you that as you go to war with a cybersecurity-conscious, cybersecurity-capable enemy that any of our stuff is going to work.”

Clarke, along with Gen. Keith Alexander, who heads both the National Security Agency and U.S. Cyber Command, told the conference crowd that the U.S. needs to do a better job at eliminating network vulnerabilities and more aggressively seek out malware or viruses in American corporate, military and government systems.

But Clarke was more strident about pushing for broader government regulations to enforce such improvements, despite political reluctance. The problems, he said, will not be fixed unless the government gets more involved.

He added that the U.S. also needs to make it clear to countries such as China that efforts to use computer-based attacks to steal high-tech American data will be punished.

In a forceful and detailed public report last week. U.S. intelligence officials accused China and Russia of systematically stealing sensitive U.S. economic information and technologies for their own national economic gain.

The report called on the U.S. to confront China and Russia in a broad diplomatic push to combat cyberattacks that are on the rise and which represent a “persistent threat to U.S. economic security.”

On Monday, Clarke said that until there are real consequences for the massive espionage, countries like China will still keep stealing.

Full article by Lolita Baldor, Associated Press