Cyber security proposals
As if on cue, former Congresswoman Heather Wilson (R-NM) has an op-ed in today’s Washington Post advocating a dynamic response to cyber security:
First, we must abandon the notion that static defenses will help us against sophisticated threats….
Our cyber-defense capabilities must be inherently dynamic, with a close connection between system operators, intelligence analysts, and the researchers who can rapidly build and deploy tools to protect or restore vital capabilities.
Second, our intelligence on other countries’ cyber-capabilities must be strengthened. We have scores of trained experts who know the ins and outs of foreign radars and missile systems and almost none who are daily tracking cyberthreats in all their manifestations.
Third, while there are national security systems we certainly need to protect, our greatest vulnerability as a nation is outside the government. Our banking system, our telephone communications and our electricity grid are all owned and run by private companies and are interconnected to the global computer network. We must anticipate that an adversary determined to cause economic damage or enhance the fog of war will exploit these vulnerabilities.
A better approach is to align the interests of stockholders with the interests of national security by establishing a trusted safe harbor where private entities can confidentially share information and get help from cyberexperts in and out of government. Such an information clearinghouse could, without attribution, share information with other private entities so that everyone benefits.
The timeliness of Wilson’s piece fits nicely with PPI’s cyber security event on Thursday. The good news is that there’s starting to be a ground-swell of bi-partisan support on the federal level for cyber security, but while op-ed’s in the Washington Post are a great start, the government has to do a better starting the dialogue with the public. Think about climate change - fifteen years ago, it was an issue that a few fringe environmentalist groups cared about. It was a long-term threat that the average American couldn’t physically grasp. Then along came “An Inconvenient Truth” and $4 gas, and BOOM, everyone’s an environmentalist. The key was that there were consequences for all - the left viewed climate change as a moral issue, the right viewed it as a national security issue (”energy independence”). And the cross-over between the two was significant enough to galvanize the country.
Where’s that moment for cyber security?
Come on Thursday and hopefully we’ll find out.
Posted in PPI, cyber, integrated security
June 23rd, 2009 at 12:43 pm
Hopefully, the “moment” is not a cyber-security crisis. It would be nice to get in front of one of these issues for once. Glad to hear that PPI is doing its part.
June 23rd, 2009 at 1:33 pm
http://bostonreview.net/BR34.4/morozov.php
a response to all the threat inflation on cybersecurity from the Boston Review.
June 23rd, 2009 at 3:09 pm
It is simply astounding that Heather Wilson is trying to remake herself into some sort of cyber security sage.
Consider the case of Shawn Carpenter (http://en.wikipedia.org/wiki/Shawn_Carpenter), a former cyber security analyst that was fired from Sandia National Laboratories in 2005 for passing information to the United States Army and the FBI. Carpenter uncovered a sophisticated cyber espionage ring dubbed “Titan Rain” while employed at Sandia. According to TIME Magazine and other reporting, “hundreds of military installations, government agencies (including Sandia Labs) and defense contractor networks were penetrated and sensitive information was being systematically stolen. The firing and resulting wrongful discharge trial was covered widely in the local and national press. Carpenter prevailed at trial, with the outraged jury awarding him almost $5 millon - most of which was punitive damages.
Heather Wilson didn’t utter a peep while she was in office about this case, even though the local media was plastered with reporting. Additionally, it is hard to miss a TIME cover article (http://www.time.com/time/printout/0,8816,1098961,00.html) that involves a national laboratory in your home state. Doing so may have offended her campaign donors (i.e. Lockheed, who operates Sandia for the government). According to news reporting, Carpenter had to go elsewhere for Congressional support, as his own Congressional Representatives in New Mexico couldn’t be bothered with his concerns.
Her quote from the oped, “Yet an important part of protecting ourselves is sharing information about what probes and compromises are found…” rings hollow. It is absolutely absurd that she is now consulting on cyber security. It is incredible that WAPO printed her self-promoting platitudes without more closely examining her background and record on cyber security. Does anyone else find this new career choice odd?