SMITH: Winning the hidden war

COMMENTARY:

We’ve all felt the moment of panic when our laptop or home computer locks up or when we see the dreaded “threat detected” warning after running a virus scan.

In just over 10 years, the use of Internet- and networking-based technologies has exploded, and are now part of our everyday lives. Even the fundamental make-up of our society - from how we communicate with each other to our financial portfolios to our nation’s electricity grid - has positively transformed productivity and quality of life in America and around the world.

Unfortunately, this interconnectedness also has led to an increased dependence on the Internet, and thus, increased vulnerability for individuals and for our country’s cyber-security. This increased exposure has been accompanied by real and growing threats from basement hackers stealing credit card and Social Security numbers to cyber-terrorists shutting down our nation’s power grid, to hostile foreign governments invading our military’s defense networks.

Hassles created by Internet tricksters can slow or even stymie businesses. The threats to our physical infrastructure - such as the networks supporting our telecommunications, financial systems, and national security and defensive capabilities - are also very real. Former Director of National Intelligence Michael McConnell appropriately refers to these vulnerabilities as “the soft underbelly” of our nation’s security.

In December 2007, hackers stole data from millions of credit and debit cards of shoppers from a large retail chain. Today, hackers drive cars wired with laptops and other anti-security devices to steal confidential information from wireless users in their own homes.

Two weeks ago, the French Navy grounded its fighter planes because an infected USB drive led to a virus infection that blocked pilots from downloading flight information. Similarly, last month it was reported the British Defense Ministry had begun investigating what appeared to be a major security breach affecting more than 24 Royal Air Force bases.

Just days ago, it was revealed cyber-attacks on U.S. government computer networks climbed 40 percent last year, and more infiltrators are trying to plant malicious software they could use to control or steal sensitive data.

Most recently, the federal government reported the Departments of Defense, State, Homeland Security and Commerce have all suffered major intrusions in which sensitive data were compromised. Government networks often are targeted by foreign nations seeking intelligence as well as criminal groups and individuals who may want to disrupt power, communication or financial systems.

This is on top of the millions of private citizens who will have their personal information stolen this year.

Because secure networking is imperative to our economic safety and national security, the federal government has an obvious responsibility to provide comprehensive leadership in preventing these types of attacks.

Until recently, however, our cyber-defense efforts were largely an uncoordinated hodgepodge of various programs and policies.

President George W. Bush issued a Presidential Directive establishing the Comprehensive National Cyber-security Initiative (CNCI) in January 2008. The CNCI aims to bring strategic planning, coordination and additional resources to our nation’s cyber-security efforts. It is a comprehensive program designed to strengthen efforts from immediate detection and prevention of network intrusions to counterintelligence, information-sharing, and collaboration with the private sector.

But technological advancement is likely to be the most important factor in the long-term success of the initiative and the future of cyber-security. Because security was not a focus of the original architects of the Internet, there are fundamental vulnerabilities in the basic “backbone” that governs data exchange over networks. Exploitation of these inherent vulnerabilities require immediate and aggressive attention, but ultimately is a cat-and-mouse game that cannot persist forever, especially given today’s increased dependencies and vulnerabilities.

As such, the CNCI supports research and development (R&D) in pursuit of transformational advances in Internet architecture that will allow us to leap ahead of our adversaries with a fundamentally securable Internet.

Story Continues →