Almost weekly, the world witnesses the power of the Internet to un- lock voices in closed societies around the world. Even as governments work to impose controls and limit communication, we see time and again that the human spirit and innovation prevail as tech-savvy citizens find new ways to keep information flowing. Such was the case recently when industrious citizens found ways to rebuff the Iranian government’s attempt to slow Internet traffic and block text messaging ahead of expected demonstrations during the 31st anniversary of the Islamic Revolution.
The United States is increasingly supportive of these types of populist efforts. Recently, the Obama administration announced that it will permit technology companies to export online services like instant messaging, chat and photo sharing to Iran, Cuba and Sudan in an effort to leverage the Internet’s potential for unlocking traditionally closed societies.
At the same time, however, the United States, the world’s champion for free expression, finds itself at an unprecedented crossroads at home - embarking on a critical discussion of how, in the age of Web 2.0, we can maintain a precarious balance between free speech and the need to protect our vital infrastructure, both public and private, from cyber-attacks or full-blown cyberwarfare.
The battle lines are being drawn around the Cybersecurity Act of 2009, introduced by Sen. Olympia Snowe, Maine Republican, and Sen. Jay Rockefeller, West Virginia Democrat. The bill is intended to ensure the continued free flow of commerce within the United States and with its global trading partners through secure cybercommunications, while maintaining effective cybersecurity defenses against disruption. At the crux of the bill is a provision that would empower the president with the authority to terminate segments of the Internet in the event of a cyber-attack.
This provision is set to spark intense debate, and the stakes are enormous - squaring off the potential for catastrophic damage to critical infrastructure, such as our power grid, transportation systems and financial networks, and the erosion of freedom of expression.
How can we ensure that we strike the right balance? There is no easy answer, but caution and cooperation should be the watchwords that illuminate the path forward:
c Get an accurate diagnosis: Nefarious individuals or entities can easily mask the source of a cyber-attack. At the very core of the freedom-protection balancing act is the ability to identify and define an attack and its origin rapidly and definitively. Our offensive capabilities need to be quickly enhanced and without them, we cannot ensure balance or the protection of liberties.
c Expand public and private cooperation and transparency: Both the public and private sectors have enormous stakes in this issue and must be partners in the solution. This joint cooperation around cybersecurity issues has expanded under the Obama administration with greater sharing of vulnerability reports and other initiatives. But also essential to the discussion is the role that the intelligence community (National Security Agency, Central Intelligence Agency and Department of Homeland Security) should play in cybersecurity. This month, the White House issued new federal information security rules, outlined in an Office of Management and Budget memorandum, which will require agencies to monitor digitally the security of their computer systems and feed summaries of their findings to a central website. Certainly, balancing the sensitive nature of this information will require a watchdog approach to ensure that the bad actor is not able to access information intended only for the intelligence community. This is a fine line no administration has been able to balance.
c Educate and mobilize citizens: Today’s PCs, laptops and 3G phones are powerful communication and business tools. These same tools, however, can also become dangerous weapons on the front lines of massive cyber-attacks. Many citizens fail to apply even the most basic safeguards to their personal technologies, exposing them to the risk of being accessed by hackers and used as weapons to launch cyber-attacks. Citizens must become an important part of the cybersecurity solution. The information technology vendor community can help by educating consumers about their responsibility to protect themselves and our larger critical infrastructure. To start, they could build instructional content on security into the device setup process and offer instructional videos and tutorials on various social media platforms, such as YouTube.
The complexity of and sensitivity around the security versus free expression debate should not deter discussion and, ultimately, action. The stakes are simply too high. We, as a nation, have proven time and again our ability to balance competing interests effectively. By leveraging caution, collaboration and innovation, we can once again prevail - enabling citizens and organizations to leverage fully the power of new technology for commerce and free expression while ensuring our national security.
Patricia Titus is chief information security officer for Unisys Federal.