The lack of good information sharing between the private and public sectors regarding cyber attacks makes it difficult to understand the true costs of these attacks, Homeland Security Secretary Janet Napolitano said recently.

Moreover, based on the information about cyber attacks that the Department of Homeland Security receives, current cost estimates appear conservative, Napolitano said at a cyber security forum hosted by The Washington Post Live.

Citing estimates released by the anti-virus software firm Norton, which is a unit of Symantec [SYMC], Napolitano said the costs of cyber attacks are put at $114 billion annually up front, rising to nearly $400 billion annually once lost time and efforts to repair systems are factored in.

“And I think that is a very conservative estimate I must say given what crosses our desk at DHS,” she said.

Napolitano also said that “we don’t have a good way to measure” the costs of cyber attacks “because in part we don’t have good information sharing and so it just indicates the need for more information sharing writ large and our particular need is for real-time information sharing because our ability to help, to mitigate, to protect is really dependent on knowing what is happening.”

She also said that real-time information sharing would better help the federal government learn from the private sector and also warn other critical infrastructure of threats. Additionally, the federal government brings forensic capabilities that are better employed with real-time awareness, she said.

Improved information sharing is one of the nation’s two biggest needs when it comes to preventing and combating cyber attacks, Napolitano said. The other is best practices for use by critical infrastructure entities, she said.

“We need to promote wider adoption of better practices on cyber security for the nation’s core critical infrastructure,” she said. “Much of the core critical infrastructure does a very good job but in an interconnected world if there is a weak link or a gap that creates a vulnerability that can be exploited to all.”