Cyberinsecurity
The news that hackers possibly tied to the Russian and Chinese governments infiltrated the computer systems running the U.S. power grid presents a sobering reminder of the scope of America's national-security challenges. Once upon a time, the country's leaders could take comfort in the fact that the nation was insulated by a vast ocean on each side and friendly, or at least unhostile, countries to the north and south.
Geography still provides a measure of protection from conventional attack, but less against the unconventional -- as 9/11 tragically proved.
What's more, national-security experts today have to contend with the dismaying fact that weapons of mass destruction no longer have to arrive in packages of mass dimensions. Suitcase nukes and biological weapons are no longer just the stuff of blockbuster movies. "Our margin of safety is shrinking, not growing," a report by the Commission on the Prevention of WMD Proliferation and Terrorism concluded late last year. It warned that a nuclear or biological terrorist attack remains a very real possibility.
Now add cyber-terror to the mix. Two years ago, Estonia suffered a wave of cyber-assault, thought to have originated in Russia, that disrupted the operations of the government, banks, communications companies, and news organizations. As connectivity increases, security diminishes. Infiltration of the nation's power grid could prove catastrophic.
Or not. It's worth remembering all the hype that washed over the falls as the the putatively disastrous Y2K moment approached. Because some older computer systems used only two digits to record dates, it was feared that the transition from 1999 (recorded as 99) to 2000 (recorded as 00) could wreak havoc with everything from banking to medical care. But when the clock struck midnight, the dire predictions did not come to pass.
Consider this also: In a February article titled, "Do We Need a New Internet?" The New York Times warned that the Conficker worm "remains a ticking time bomb" that could "shut off entire sections of the Internet." But April 1, the Conficker D-Day, came and went without a hitch.
Of course, the fact that Conficker wreaked no devastation does not offer any promise that some future cyber-attack will prove equally harmless. America shouldn't trust its networks to an indefinite run of good luck. There are too many holes in the system. America needs to plug them -- before something truly malevolent comes slouching through.
Advertisement
Reader Reactions
Due to my own typographical error, the last paragraph of my previous post should read: “To the extent that we continue to FAIL to adequately address this issue and make the necessary changes, it is certain that more unauthorized intrusions and alterations will occur and likely that, eventually, significant additional harm will be done to our economy as a result.“
During my career as an IT technical consultant who was internationally certified in information systems security, I was routinely dismissed as being opposed to change, and frequently ignored, because I vociferously opposed connecting mission-critical systems to the public Internet. The Internet was originally designed by DARPA only as a means of sharing research information among a few systems controlled by the organizations by which the research was being performed.
Regrettably, many good-intentioned CEO’s and Senior Executives “bought into” the myth that crucial, mission-critical information systems, of which those controlling the electric grids, defense and intelligence systems, and the like are a apart, could be adequately protected when connected to an inherently insecure public Internet. In other words, “pop culture” technological views were accepted by management lacking professional IT Security training and experience without giving due consideration to the possible negative impact on security. Often they ignored sound advice of professionally certified IT security practicioners in the process.
History and current events are proving the fallacy of those decisions. Much, if not the majority of the technology used by applications deployed on Internet-connected systems has great merit. However, crucial systems such as those most recently suffering intrusion and unauthorized alteration by hackers (many of which likely are acting at the direction of hostile foreign governments) must be isolated from the public Internet. When they must be inter-connected, those interconnections must also be by means of secure networks completely controlled by the organizations whose individual systems are affected.
To the extent that we continue to adequately address this issue and make the necessary changes, it is certain that more unauthorized intrusions and alterations will occur and likely that, eventually, significant additional harm will be done to our economy as a result.
Post a Comment(Requires free registration)
- Please avoid offensive, vulgar, or hateful language.
- Respect others.
- Use the "Flag Comment" link when necessary.
- See the Terms and Conditions for details.
Advertisement