Monday, April 19, 2010

Cyber War

As I was driving back from North Laurel this afternoon I happened to catch the latest episode of Fresh Air with Terry Gross on NPR. Her guest today was Richard Clarke, the National Coordinator for Counterterrorism in both the Clinton and Bush administrations. He has written a book entitled “Cyber War: The Next Threat to National Security and What to do About It.”

At the top of the program Terry mentioned the creation of the new Cyber Command and mentioned Lt. General Keith Alexander’s comment last Thursday that “computer networks essential to the Pentagon and military are attacked by individual hackers, criminal groups and nations hundreds of thousands of times every day.”

Clarke warns that while the military is gearing up for this threat, private industry remains vulnerable.

"The Pentagon is all over this," he says. "The Pentagon has created a four-star general command called Cyber Command, which is a military organization with thousands of people in it to go to war using these [cyber]weapons. And also, Cyber Command's job is to defend the Pentagon. Now, who's defending us? Who's defending those pipelines and the railroads and the banks? The Obama administration's answer is pretty much, 'You're on your own,' that Cyber Command will defend our military, Homeland Security will someday have the capability to defend the rest of the civilian government -- it doesn't today -- but everybody else will have to do their own defense. That is a formula that will not work in the face of sophisticated threats."

He offered that this akin to telling the steel factories during World II that they’d have to defend themselves.

It may not have been as entertaining as the last Fresh Air program I wrote about but it certainly was more informative and timely.

You can listen to the complete show here


Anonymous said...

Always liked Clarke, especially when he single handily battled the Bush admin regarding the 911 threats. His demeanor and knowledgeable discussions are always informative.

I think he is scheduled on Real Time with Bill Maher this Friday.

Anonymous said...

Heard it, too, while in between work and wisdom tooth extrtaction prep for one of my children.

The two struck me as the same sort of scenario. A bit of controlled pain now, or a lot later, and for the rest of your life.

The big question is...who do you chose to be your surgeon, and how much of your self volition do you want give up?

I, personally, went with a local numbing when I had mine taken out. I stayed awake. Others, because of the nature of the surgery, choose nitrus oxide or being knocked out entirely. In some cases, this is justified.

When it comes to cyber security, apply the same criteria--is it worth the pain? And, what do I want to give up?

Unlike wisdom teeth, this will effect (affect) us all for years--the foreseeable futre. The area stands to gain much from this initiative. How much do the American people stand to lose?

Just thoughts off the top of my head.

Choose wisely.

Anonymous said...

Just what this site needs - fearmongering.

Fearmongering for the sake of BRAC jobs. At what price?

What's next? WMD's in Canada?

All together now: "Be afraid. Be very, very afraid."

Tom said...

Transparency means everything we have ever done is exposed to the whole world. Too much information available. Did anyone else see the story about all the information on used corporate copier hard drives being being sold for pennies.

By the way isn't it nice the community isn't up in arms about any big topics and the blogs are all civil.

Anonymous said...

The Internet was designed to be a distributed network with no center - one of the earliest stated goals of this was to make it resilient to attack.

Placing civilian networks under the protection of the government is, generally speaking, the wrong way to go. Attacks that work against the government will then work against the civilian networks.

Allowing - forcing - civilian networks to manage their own defense is actually the correct way to go. This increases the complexity of the environment that the aggressors have to figure out how to penetrate. Somebody in China want to break into a bank's databases? Well they have to study that bank's defences and find a way through them. They can't assume that an exploit that works on some other banks' network will get them through.

Information security is honestly best handled by an informed culture of independent agents. They should be entirely close-lipped about what their actual defense strategies are, but on the other hand they should foster an environment where they freely share information about vulnerabilities and exploits.