The Cambridge Cyber Summit

It's dangerous for American society to accept regular cyberhacks as normal, say US officials

Key Points
  • Americans cannot become complacent about hacks
  • Using Social Security numbers as a basis for information access was a bad idea, said one U.S. official
Susan Gordon, Principal Deputy Director of National Intelligence and Andrew McCabe, Deputy Director, F.B.I speaking at the Cambridge Cyber Summit on Oct 4, 2017.
David A. Grogan | CNBC

One of the biggest threats to U.S. society is the growing acceptance that Equifax- or Yahoo-type cyberhacks are a permanent part of life — and that there's little to be done about them, said several government officials who spoke on a panel at the Cambridge Cyber Summit in Boston on Wednesday.

"We're coming to think this is the cost of doing business," said Sue Gordon, principal deputy director of national intelligence.

"We do not have to accept that we are always going to be had," she said.

That sort of numb acceptance is an understandable consequence of the number and severity of recent hacks, and the fact that much of our current infrastructure is built on our Social Security numbers, said Rob Joyce, White House cybersecurity coordinator.

Using that number for personal identification was a "horrific idea," said Joyce, and it's urgent to find new technologies to replace it. Joyce acknowledged that his Social Security number has been breached four times.

Creeping public acceptance of these problems makes it harder to improve security, he said.

"We're the frog in the pot that's getting boiled," said Joyce. "It's getting to the point where we're getting numb. That's a problem," he said.