By Jaikumar Vijayan
.... More than seven years after the terrorist attacks of Sept. 11, 2001, there's widespread consensus that federal efforts to secure cyberinfrastructure are bogged down by a lack of vision, planning and leadership. While the government has struggled to come up with a cohesive national strategy for defending its interests on the Internet, threats in cyberspace have continued to grow and today pose a grave risk to national and economic security.
Adversaries, which include unfriendly governments and militaries, intelligence agencies, organized criminals groups and hactivists, have by most accounts already penetrated U.S government and private networks or are actively engaged in doing so.
Most of the efforts appear to be focused on leeching away secrets from public and private IT sectors for profit and for espionage. A report released in March by the University of Toronto and think tank The SecDev Group showed how a group with apparent ties to China has systematically breached systems in more than 100 countries, apparently for espionage purposes. At the same time, the potential for attackers to disrupt vital networks and systems in critical infrastructure areas such as banking and power is growing daily.
.... "Our digital infrastructure has become the most important underpinning of U.S. national and economic security," says Amit Yoran, former director of the National Cybersecurity Division at the U.S. Department of Homeland Security (DHS)
....The NSA, which is in charge of the Comprehensive National Cybersecurity Initiative (CNCI), has been jostling for broader control of the federal information security agenda. But while almost everyone acknowledges that the NSA can bring the skills, the experience and the clout needed for the job, the prospect of a spy agency running the domestic cyberagenda is not sitting well with most.
...."If there's a fire on the Internet, who's the fire department?" he asks. In the event of an Internet crisis, there is no single entity that either the federal government or private industry can depend on to coordinate a response. "There's no one you can simply pick up the phone and speak with,"... mplementing such a capability is not going to be easy, says Paul Kurtz, former special assistant to the president and senior director for critical infrastructure protection on the White House's Homeland Security Council.
....Another reminder is an experiment conducted in March 2007 in which the Idaho National Laboratory showed how it could reduce a power turbine to a smoking, shuddering, metal-spewing mess simply by executing malicious code on the computer controlling the system.
.... Develop an offensive capability
Patti Titus, the previous chief information security officer at the Transportation Security Administration, is among a growing number of executives arguing for the development of deterrent capabilities in cyberspace. "What we need to say is, 'We are the U.S., and if you mess with us, you'd better be careful,'" says Titus, who is currently chief information security officer at Unisys Corp.
For too long, the country has been focusing on building a defensive capability that has done little to stop adversaries from infiltrating government networks, supply chain and distribution systems, she says. "It's time to come up with some way of launching back at those that mean to do harm," Titus suggests.....
No comments:
Post a Comment