False sense of cybersecurity

Newly appointed National Cybersecurity Coordinator Howard Schmidt has a big job ahead of him.
 
The uncomfortable truth is that we’ve been fortunate so far; cyber attacks launched against the U.S. government, business, and personal computer networks haven’t yet caused widespread damage (although recent reports of a multi-million dollar attack on a major U.S. bank remind us how quickly that could change).

But in the absence of a leader like Mr. Schmidt, our nation’s approach to cybersecurity has remained inadequate and disconnected, leaving us vulnerable. In its Cyberspace Policy Review issued in May, the White House bluntly stated that “…the architecture of the nation’s digital infrastructure, based largely upon the Internet, is not secure or resilient.” 

In fact, the Government Accountability Office reports a 200-percent increase in cybersecurity incidents over the past three years. This past July, a computer virus originating in Asia attacked computers and Websites in the United States and South Korea. The virus was relatively unsophisticated, but the attackers managed to hinder the operations of major news, commercial, and government Websites in both countries. The event served as a reminder of the vulnerabilities of global networks.

It’s time to move beyond public-awareness campaigns (in case you missed it, December was Critical Infrastructure Protection Month) and get serious about the growing risks of doing business – and living life – online.  

So how do we get secure?

As odd as it may sound coming from someone who puts great faith in servers and software, technology alone is only part of the equation. We need leadership and a sustained sense of urgency in three critical areas: governance, education, and technology.

Governance isn’t simply about government. Rather, it involves the systems we put in place to govern the use of technology in homes and office environments, as well as sensitive networks belonging to corporations, governments, and military forces. We all have governance responsibilities.

Individuals need to make sure their systems are secure at work and at home, starting with vigilant use of passwords and firewalls. Businesses should build a culture of online responsibility by holding leaders beyond the IT department accountable for maintaining secure environments. And governments at every level must take special precautions to protect sensitive data.

The second pillar of an effective national cybersecurity strategy is education. Individuals should educate themselves about cybersecurity risks and learn how to mitigate them by visiting sites such as www.staysafeonline.org, hosted by the National Cyber Security Alliance, where the risks, and how to deal with them, are plainly described. Sounds intuitive enough, but how many of us are truly vigilant about our personal cybersecurity?  

Passage of the Achievement through Technology and Innovation Act, a bill aimed at improving technological literacy in schools, would help improve online safety.  Rep. Lucille Roybal-Allard (D-Calif.) and Sen. Jeff Bingaman (D- NM) introduced the bill.

And just as the launch of the Soviet Union’s Sputnik satellite spurred the U.S. to make substantial education investments to promote excellence in science and technology, so too should the need for cybersecurity spur us to train technology professionals who can work in the public and private sectors to keep us safe. 

The Obama administration and House Science Committee Chairman Bart Gordon are taking the lead in this area, driving more funding to science, technology, engineering and math education (STEM). Their efforts should be unified into a comprehensive cybersecurity education initiative similar in scope and urgency to the National Defense Education Act of 1958, which increased STEM funding and ignited the Space Race.
 
But cybersecurity isn’t the job of government alone. To get the highest level of productivity and convenience out of digital networks, businesses, the government, and individuals must make cybersecurity a national priority and a personal responsibility. Public-private partnership will prove essential as it is the private sector that builds and maintains most of the infrastructure on which computer networks run – even government, intelligence, and military networks.

As we entrust more sensitive data and systems to online networks, the potential consequences of lax cybersecurity, particularly within government networks could be devastating. Fortunately, that reality–and its accompanying challenges–are not lost on a cybersecurity coordinator who has spent the better part of his private and public-sector career helping secure the digital networks that play a quiet but central role in our lives.