Since September 11, 2001 the Department of Homeland Security has implemented many changes to the way the government protects Americans. However, most of the changes have, until now, addressed only physical protection and security.
Recent legislation called the Department of Homeland Security Cybersecurity Enhancement Act of 2004, introduced by Rep. Mac Thornberry (R-Texas) and Rep. Zoe Lofgren (D-California) on September 13 this year, raises the responsibility for cybersecurity to the assistant secretary level, reporting directly to Department of Homeland Security Secretary Tom Ridge. This is a significant and much-needed step in protecting our nation’s digital assets and infrastructure.
Among the many initiatives included in the proposed legislation is the establishment of a national cybersecurity response system that would identify vulnerabilities that could be exploited to impact critical national infrastructures.
There are more vulnerabilities and threats that can impact our nation’s critical assets and infrastructure today than ever before in modern history. That’s not because we are relaxed about security, but because as we adopted all the benefits that information technology brings to our lives, we also opened up a multitude of other points of access — and the consequences that come along with that.
Hackers Wield Power
In today’s electronic world, a teenager sitting at home can create and send a virus that can shut down a power grid and leave an entire city in the dark in a matter of seconds.
A hacker from halfway across the globe can gain unauthorized access into a bank’s network and drain money out of customer accounts, right under the watchful eye of electronic cameras and security guards. And a worm sent by a terrorist intent on causing large-scale disruption can unleash a denial-of-service attack on a trading floor that would cripple the computers and halt all stock transactions going in and coming out — costing Americans millions of dollars in potential earnings and investments.
Vital organizations such as the New York Stock Exchange or Chicago Mercantile Exchange handle thousands of buy/sell orders a minute from around the world. In a single day, these two institutions handle billions of dollars in financial transactions that directly affect the health and prosperity of companies across America and investors around the world.
Simply equipping these institutions with metal detectors and security guards on patrol is not enough.
Protecting the nation’s critical digital infrastructure requires a comprehensive view of security that combines physical, digital and procedural components. These components are necessary and unique to each individual environment and must not impact normal daily activities, while providing the level of cybersecurity necessary to guard against the many known and unknown threats in the wild.
In the case of the New York Stock Exchange, how do you protect the network that all the computers are a part of and traders use to handle the thousands of transactions moving in and out every minute? How do you provide a high level of security while still maintaining the bandwidth necessary to handle the hundreds of thousands of transactions that are processed every day?
This is no small task, especially with the fast speed at which technology changes and cyber-attacks evolve. What may seem safe today could be vulnerable to an attack tomorrow. Cybersecurity is a never ending chess game involving moves and counter-moves.
Who will win? There may never be a clear winner in this game because there is no silver bullet that can protect our national infrastructure from all forms of cyber-attacks. Better security begets a more sophisticated attack. The best we can hope for is to come to a neutral draw with each side making the right counter-move to every move made by the other.
One thing is for certain: For our nation to be adequately protected in today’s world of information technology, cybersecurity cannot be an afterthought.
Dr. Prabhu Goel, winner of the 2003 IEEE Industrial Pioneer Award, is the Chairman and CEO of iPolicy Networks. Please send comments to firstname.lastname@example.org.