I reviewed an advance copy of the 65-page proposal which isn't so much a set of regulations as a primer on safe computing.
The plan advises everyone: home users and small business, large enterprises, higher education and government agencies to do all they can to shore up security. Home users, especially those with an always on connection to the Internet -- such as DSL or cable modem -- are being asked to install firewalls, anti-virus software and spam filters and to keep their operating systems up to date. Corporations, universities and government agencies are being urged to set up high-level committees to review their security policies. The plan calls for the government to "secure shared systems" and "insure the mechanisms of the Internet." It points out that "when the Internet was built, features like security, which are vital today, were not part of its foundation."
Though it may seem farfetched, it's actually possible for an internet connected home computer to be commandeered by a hacker and used to attack other computers, including government networks. Based on this scenario, the government is asking everyone to do their part to help protect our information infrastructure.
Clarke and other White House cyber security experts argue that our economy and national security are fully dependent on information technology and networked computers and that attacks on these networks can have serious consequences including disrupting critical services, potentially leading to the loss of life.
Buildings, bridges, airports and roads aren't the only things vulnerable to terrorist attack. The proposal suggests that potential adversaries have the intent and the tools to bring down our nation's data networks as well.
The report asks Americans to consider the following scenario: "A terrorist organization announces one morning that they will shut down the Pacific Northwest electrical grid for six hours starting at 4:00PM; they then do so. The same group then announces that they will disable the primary telecommunication trunk circuits between the U.S. East and West Coasts for a half day; they then do so, despite our efforts to defend against them. Then, they threaten to bring down the air traffic control system supporting New York City, grounding all traffic and diverting inbound traffic; they then do so. Other threats follow, and are successfully executed, demonstrating the adversary's capability to attack our critical infrastructure. Finally, they threaten to cripple e-commerce and credit card service for a week by using several hundred thousand stolen identities in millions of fraudulent transactions, if their list of demands are not met. Imagine the ensuing public panic and chaos."
While the scenario seems a bit unlikely, there is no question that the Internet is now part of our national infrastructure. Even if cyberspace weren't used to launch an attack there is certainly the possibility of a combined physical and virtual attack. As terrible and chaotic as things were on September 11th, some of the bright spots included the ability for information to flow via cell phones and the Internet, even when other channels of communications were unavailable. People used the Internet to learn find information about loved ones and colleagues and millions turned to net news sites to supplement what they were hearing on radio and seeing on television. Shutting down this resource would certainly add even greater confusion and chaos to whatever tragedy was unleashed.
The draft proposal and other information regarding cyber security can be found at www.securecyberspace.gov
A syndicated technology columnist for nearly two decades, Larry Magid serves as on air Technology Analyst for CBS Radio News. His technology reports can be heard several times a week on the CBS Radio Network. Magid is the author of several books including "The Little PC Book."
Got a PC question? Visit www.PCAnswer.com.