In his remarks, Clinton, who joined In Depth with Francis Rose for an interview, said government and industry need to “modernize our notion of what constitutes cyber defense,” and that the biggest challenge isn’t technological but economic. “The single biggest problem in combating cyber threat is not technical, it is cost,” Clinton told the committee.
He described a “dramatic change” in the cyber threat over the past two years.
Rise of the APT
“Our main concerns are not ‘hackers’ or kids in basements,” he told the House panel. “The fact that a cyber system has been ‘breached’ is no longer the metric that determines a successful cyber attack.”
Instead, Clinton pointed to increasingly sophisticated individuals and groups, including “hacktivists,” and rival nation-states. Taken together, this constitutes what cyber experts refer to as the Advanced Persistent Threat (APT), he added.
“These are the pros,” he told In Depth. “They’re highly educated, well-funded, well-organized, often nation-state-supported hackers using whole suites of very sophisticated that will compromise any system that they target.”
In his House testimony, Clinton said the APT-style attacks have become “the major focus” of many in the private sector, in no small part because these sophisticated hackers have branched out from the defense sector in looking for potential targets.
“So we need to really rethink our notion of cybersecurity,” he told In Depth. “A perimeter defense doesn’t work anymore. We need to focus on the technology and the economics and come up with a more engaging and modern system of cyber defense.”
While a more robust cyber defense doesn’t only boil down to how much money is spent, Clinton called the numbers “dramatic.”
The private sector spends about $80 billion a year, he said, citing recent statistics from the Ponemon Institute. “By comparison, the Department of Homeland Security’s entire budget — not cyber but their entire budget — is $57 billion,” he added. “We need to find a way to manage our costs to keep up our defenses.”