- The Washington Times - Thursday, September 5, 2002

We all remember the dire Y2K warnings. Transportation and financial systems would shut down, and everything from your water and electric service to your coffee pot and alarm clock would go on the fritz.

None of that happened, of course, thanks to an aggressive, cooperative international effort to update the world's computers and information networks. But the very success of that effort could well be hindering us from properly defending our critical infrastructures from a much more serious and persistent threat: the threat of major cyber attacks.

While much of the nation and the world are focused on improving our physical security in the post-September 11 world, there is an alarming level of complacency about our vulnerability in cyberspace. I am not talking just about computer viruses and Web site intrusions, which can be devastating enough on their own.

Increasingly, nearly every aspect of our daily lives is linked to the Internet or some form of information network. A major attack on our communications, transportation, utility, financial or other vital information backbone could wreak the same potential havoc in both the physical and cyber worlds that propelled the world into action to avert Y2K disasters.

In two recent surveys conducted for the Business Software Alliance, information technology professionals said our business and governmental institutions are likely to be hit with a major cyber attack in the next 12 months. And while a majority of those surveyed think their organizations have made important strides in cyber security, only 18 percent think the private sector is adequately prepared to defend itself against such attacks.

The bottom line: The gap between the threats to our information networks and the ability of government and businesses to respond is growing when it should be narrowing. Yet it appears that neither business nor government is taking seriously enough the potential for devastating attacks in cyberspace.

To narrow that gap, Congress and the Bush administration need to make sure that cyber security is a top priority in legislation now being considered to create a Homeland Security Department. To that end, we believe it is crucial that the new Department of Homeland Security has within it a stand-alone cyber security division that can focus on assessing the threats to both government and private sector networks, and work with the technology sector to ensure that the most advanced security technologies are protecting all of the nation's critical networks.

For such an office to be effective, it also must have the latest information about what the real threats are. For companies to share that information voluntarily, however, they have to know that trade secrets and other sensitive data will remain confidential. Ninety percent of our critical information networks are privately owned, so it is crucial that these companies are comfortable sharing confidential information with the Department of Homeland Security.

We also need a strong plan, backed by the necessary resources, to improve the security of our government networks. Studies have consistently shown that federal agency security is woefully inadequate. The BSA has worked closely with House leaders to incorporate the strongest information security directives ever imposed upon federal agencies in the House-passed Homeland Security Act. We now need to make sure that the Senate supports similar language, which ensures that the standards, while strict, are also technology neutral so that agencies have the flexibility to react fast-changing threats.

Commitment, cooperation and resources were key in averting Y2K disasters. Let's make sure we do the same or more to defend the United States and the world from the next generation of threats.

Robert Holleyman is president and CEO of the Business Software Alliance.

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.


Click to Read More and View Comments

Click to Hide