Wednesday, April 7, 2010

Time To Do Something

One of the things that disappointed me the most about Bush the Younger was his administration's neglect of this country's cybersecurity. osama-oops-I-mean-obama has failed to impress in this regard as well, dicking around with feel-good legislation at the expense of national security (both physical and cyber). We'll leave the discussion of unilateral disarmament, alienating allies, and porous borders for another time. Today we'll focus on the pathetic state of U.S. cybersecurity.

This is one of the few areas where I'll claim a modest amount of expertise. I've done some research and teaching on the topic. My primary concern is the lack of understanding and focus on the interrelated nature of this country's critical infrastructures, and the subsequent need to protect them.

Recent events have raised the fear of cyberwarfare and it's potential impacts on national security and daily life. This article discusses that possibility in more detail (excerpt below - also note that the links in the article lead to a more in-depth discussion of the relevant topic).
"Few events have crystallized U.S. fears over a cyber catastrophe, or brought on calls for a strategic response, more than the recent attacks against Google and more than 30 other tech firms.

The company's disclosure in January that it was attacked by China-based hackers -- and its subsequent decision to scale back operations there -- have stoked long-standing fears over the ability of cyber adversaries to penetrate commercial and government networks in the U.S.

If a full-fledged cyberwar were to break out, the nation's economy would be hit hard. Banks might not be able function, electricity, water, and other utilities could be shut off, air travel would almost certainly be disrupted, and communications would be spotty at best -- in a word, chaos."
Chaos? Well, think about it. How do you procure the basics of modern life? I'm guessing most of us pay for gas and groceries by using a credit or debit card. We get cash via an ATM card. Most retail establishments use information systems and networks to verify checks. The likelihood of these payment methods functioning during or after a cyber attack are minimal at best.

What about utilities? Delivery of electricity, water, and natural gas is controlled by SCADA (Supervisory Control And Data Acquisition) systems - industrial control systems that manage functions such as the monitoring and control of electricity generation and current flow, valves and pumps that regulate water, sewage, and natural gas pipelines, and so forth. SCADA systems, like much of the Internet, were initially designed for ease of use. Security was not a consideration. As a result, the system is rife with vulnerabilities.

Communications? What manages and controls TV, radio, telecommunications, cell phone networks, and the Internet? That's right - information systems and networks, all of which are vulnerable to a certain extent to outside threats.

Even the military is exposed. In recent testimony, U.S. Navy Admiral Robert Willard appeared before the U.S. House Armed Services Committee with an even stronger warning about cyber-threats posed by China.
"U.S. military and government networks and computer systems continue to be the target of intrusions that appear to have originated from within the PRC (People's Republic of China)," said Willard.

Willard testified on the military's operations in its Pacific command, which he said "faces increasingly active and sophisticated threats to our information and computer infrastructure."

These threats challenge our ability to operate freely in the cyber commons, which in turn challenges our ability to conduct operations during peacetime and in times of crisis," Willard said..."
No less a personage than Richard Clarke, former anti-terrorism czar under Presidents Bush and Clinton, rates the U.S. cyberwar capabilities below that of even North Korea, for God's sake.














(Higher is better)

So what can be done about this? Well, perhaps the federal government should refocus its attention on its primary duty - to protect this country and its citizens - rather than expanding give-away programs that make more people more dependent on handouts. After all, what good does it do to have a bunch of sheep contentedly grazing on the national commons if they're not protected from the wolves that will inevitably gather?

Academic references available on request...

No comments: