How Can Cyberspace Be Defended?
http://security.nationaljournal.com/2009/06/how-can-cyberspace-be-protecte.php
Last month, President Obama unveiled his long-awaited "Cyberspace Policy Review." The 60-plus-page document is the first step toward a strategic, national plan to protect and defend the Internet, which is now the backbone of global commerce, communications and our basic way of life. Obama made clear he knows how vulnerable our networked world has become. He said that his own campaign computers had been hacked, that the rate of online crime is increasing, and that cyber intruders had penetrated the computer systems that control electrical power plants in the United States. Obama said it was time to start treating cyberspace for what it is, "a strategic national asset."
The question is, how does the government protect a borderless, largely anonymous space that is almost entirely owned and operated by private citizens and corporations? Many had hoped that the president's new policy review would offer some answers, but it was thin on new ideas. Obama plans to appoint a new "cyber czar" to coordinate from the White House. But that official will have to contend with two enormous bureaucracies that play dominant roles in protecting cyberspace -- the departments of Homeland Security and Defense. How can one White House official, who will not report directly to the president, herd those giant cats? Has Obama got it right when he says that cyberspace is a "strategic national asset"? If so, why not commit more forcefully to its protection? Or is cyberspace too big, and perhaps too abstract, to "defend" the way the government does our land, sea and air borders?
-- Shane Harris, NationalJournal.com
Posts
RESPONDED ON JUNE 8, 2009 4:00 PM
James Jay Carafano, Assistant Director, Kathryn and Shelby Cullom Davis Institute for International Studies and Senior Research Fellow, Douglas and Sarah Allison Center for Foreign Policy Studies, Heritage Foundation
So Far So Good on Cyber All praise to the White House for what they have done so far on addressing the future of US cyber security. The recently released report has all the right kind of words—and most important (despite the inaccuracies in the press) the administration has correctly not appointed a "cyber czar." Why anyone would want to mimic a century long defunct political oligarchy is beyond me, yet Czar-mania is all the rage these days. A czar for cyber is particularly stupid—as there are few challenges that are more complex, decentralized, and dynamic than dealing with cyber issues—no problem is less suited to a highly-structured, autocratic regime of governance. Rather, the new position in the White House looks like it will be what it should be a "policy coordinator." Having such a position for cyber issues makes real sense since the federal government has offense, defense, classified, and unclassified programs that often don't know that the other exist. Someone should know what everyone is doing and make sure they tal...
Read More
RESPONDED ON JUNE 8, 2009 12:40 PM
Michael P. Jackson, President, Firebreak Partners, LLC
It does little to promote serious discourse about the truly grave topic of cyber security threats to begin by ridiculing DHS and DOD as "grasping for power" or to suggest that President Obama has somehow been duped into basing his sensible cyber strategy on "a lame and corny threat model called 'weapons of mass disruption.'" It shows ignorance of the facts to deny that cyber vulnerabilities do indeed present the possibility of "paralyzing results." Most of what one needs to know to become seriously impatient about achieving stronger cyber security now can be found in the public domain. This is not the place to summarize open source data, for example, about the systematic penetration and exfiltration of very sensitive government and commercial data by foreign state actors, to assess SCADA and other vulnerabilities that serve as a gateway for denial of service attacks against critical infrastructure, or vulnerabilities of the domain name server routing network serving all internet users. Beyond that, having exposure to a more detailed understanding of the relevant...
Read More
RESPONDED ON JUNE 8, 2009 10:47 AM
Ron Marks, Senior Vice President for Government Relations, Oxford-Analytica
I think the Obama Adminstration has put the right cast on the cyberthreat situation and its handling within and without by the USG. It is, as with "hard target" defense, a part of the overall civil defense of the United States in the 21st Century and cannot be put on the back burner.. I understand that, in the first blush of 9/11, cyberterrorism was rightly cast aside for "hard target" concerns leading to a policy of "guns, guards and gates." It is, however, eight years after the event, and while there is no ignoring hard targets -- those who threaten also know that the net is an ever increasing part of our lives and they intend to exploit it. Cyberterrorism is here to stay and will grow bigger. First, however, let's get the facts straight vice the hyperbole. Few cyber attacks are ever going to be as painful to America as an attack of weapons of mass destruction. However, a successful cyber attack against the US banking system or an array of power grid structures, etc ain't gonna...
Read More
RESPONDED ON JUNE 8, 2009 9:16 AM
Shane Harris, NationalJournal.com
Here's a new comment from Jim Harper, director of information policy studies at the Cato Institute: Please, everyone, just settle down. Take a deep breath. You're getting into a lather. The Internet is important. It is a useful, powerful, and resilient communications medium. But it is not "the backbone of global commerce, communications, and our basic way of life." That metaphor is chosen to imply something that can be broken with paralyzing results. Witness Senator Rockefeller's recent statement briefly questioning whether we would have been better off without the Internet given the "fearsome, awesome problem" of securing it. The Internet is the opposite of that. It's more like a circulatory system, or skin. It's really not even a thing. It's an agreement to use a standard protocol for communicating across networks - thousands of them all over the world. The Internet was specifically designed to route communications packets around damage, making it much harder to break than the ...
Read More
RESPONDED ON JUNE 8, 2009 9:12 AM
James Lewis, Senior Fellow, Center for Strategic and International Studies
One thing I've been wondering about is why the endless repetition of threadbare arguments when it comes to cybersecurity. I was at a conference last week and got to hear about cyber-insurance, public private partnership, and information sharing all over again. Some of us thought we should hold up cards with the year we first heard some of these ideas - 1996, 1998, etc. The Obama administration report does a fair job of avoiding many of the pitfalls of cyber-think, but we can be sure that the old ideas will come up in discussion.
Most of the antiques involve the role of the private sector and the nature of cyberspace. Yes, it's new, different, and so on, but we've overcomplicated the problem (perhaps intentionally, in some cases). We got off to a bad start with the dawn of the commercial internet. First, there were the cyber libertarians - remember John Perry Barlow's peroration about how those tired giants - governments - should stay out of cyberspace? The internet was to be some new untrammeled space where the human spirit could innovate and soar, and so on. If nothing else, no ot...
Read More