Where Is Our Cyber Defense?
By Alexandra Petri
The prolonged assault on American and South Korean websites that began July 4 shows why President Obama declared cyber security a priority of his administration. But it also highlights that, so far, we don’t have a coherent national cyber defense.
The attacks this past weekend targeted a wide array of sites within the public and private sector, from the National Security Agency to NASDAQ to Washington Post Digital. But this is no isolated incident. Literally millions of attacks occur on U.S. systems every day. The past several years have seen a spike in online attacks on government agency sites -- from 5,503 in fiscal year 2006 to 16,843 in 2008. The private sector, too, is continually under attack, with 280 million sets of data compromised last year alone. What is noteworthy about the attacks of the past week is how organized and effective they were -- some sites, such as that of the Department of Transportation, experienced 24-hour outages.
The government is doing something. Currently, the Department of Homeland Security is responsible for securing dot-gov sites and the Department of Defense handles dot-mil, both of which were targeted in the recent assault. And Defense Secretary Gates announced last month the creation of a “cyber command” to handle the Defense Department’s side, to be helmed by the director of the National Security Agency.
But as our defense grows, we need to make sure that whatever system develops is one that respects privacy. Like real war, cyber warfare has a tendency to take civilian casualties, and as the battle wages on, any hard lines between public and private threats will be easy to blur. As happened this weekend, the same attackers can target public and private sites. Collaboration between government and private cyber defenders to anticipate and thwart attacks is key to a successful defense, but there must be a system in place to protect privacy and make certain that the sharing goes both ways -- for instance, an anonymous, secure database where businesses and government entities can share information about ongoing threats and responses.
President Obama can start by appointing a cyber czar who will ensure our cyber defense doesn’t fall into the cracks between government agencies. And as we deal with threats that tread the line between public and private, we need someone in place to ensure transparency and accountability, too, so that it won’t infringe on the privacy we seek to protect.
By Alexandra Petri | July 8, 2009; 3:20 PM ET
No comments:
Post a Comment