Cyber-Attack Defense: We Are Not Prepared
The only thing certain about our response to problems and pitfalls on the cyber fast-track is that we make things up as we go. That hasn't been very reassuring when it comes to matters of national security and personal privacy in recent cyberattacks -- simulated and real.
Earlier this week, officials of the Bush and Clinton administrations participated in a simulated attack on telecom networks and the Internet infrastructure to test the US government's response. We failed, big time!
The exercise revealed the federal government lacks authority or knowledge about how to monitor and seize mobile phone or computer networks taken hostage by cyber terrorists intending to shut down or siphon sensitive data from the Internet.
Such an attack would compromise personal privacy, government operations, public utilities and every kind of business. It would leave the government confused and on the defensive in a war-like response, uncertain about the tech capabilities of Al Qaeda, Chinese cyber militants and other terrorists. Worse, it would prompt irate Facebook, Twitter, YouTube-viewing, texting and movie downloading and online video streaming zealots to mutiny. Forget about those stolen state secretes; just don't get the social networks riled.
Despite our passive ignorance, we gain more insight daily into the potential damage that can be inflicted by cyber criminals. The Wall Street Journal reported Thursday that hackers in China and Europe broke into nearly 2,500 US company and government agency computers over the past 18 months, putting vast amounts of corporate secrets and personal data at risk - from credit card transactions to intellectual property. Paramount Pictures, Juniper Networks and Merck were among the many companies whose computers were infected by the malicious software program, or botnets, used by cyber criminals to steal passwords, personal information and corporate documents, according to network security firm NetWitness.
The National Security Agency is working with Google to investigate a similar breech of its servers from inside China earlier this year that experts say is part of a larger global espionage effort. Google is threatening to pull out of China over the attack that impacted more than three dozen companies including Yahoo, Adobe, Dow Chemical, Symantec and Northrup Grumman.
That WSJ executive editor Jerry Seib said Thursday he considers mounting cyber attacks to be the new national security threat was lost in the day's headlines such as the Federal Reserve hiking the discount rate. Others are drawing similar conclusions even though the Department of Homeland Security simply responded to the massive attack by issuing an alert to the government and other organizations to "prevent further compromises."
Earlier this month, the director of national security intelligence, Dennis Blair, warned Congress of the growing threat of a crippling attack on vulnerable domestic telecommunications , computer networks and Internet infrastructure by increasingly tech savvy enemies. "Malicious cyber activity is occurring on an unprecedented scale with extraordinary sophistication," Blair told a Congressional committee.
So far, there has been no obvious, reassuring action by Congress or President Obama to heighten US cyber security in response to these wake-up calls. The closest we've come are tersely-worded warnings from Secretary of State Hillary Clinton to the Chinese government.
Maybe they all are waiting for all this to be dramatized in the next hit video war-game to see how it plays out.