Cybersecurity: It Takes a Village

President Barack Obama greets his new White House Cyber Security Chief Howard A. Schmidt, Dec. 17, 2009. (Official White House Photo by Lawrence Jackson)
White House
On Tuesday President Obama officially appointed Howard Schmidt as the nation's new cybersecurity coordinator. With experience in law enforcement, the Bush White House and private industry including Microsoft and eBay, Schmidt is clearly qualified to be the nation's top cybersecurity cop. But, as competent as he might be, he can't do the job by himself.

The only way to protect our national infrastructure is for everyone to take cybersecurity seriously. Obviously that includes banks, internet service providers; social networking services and other industry players but it also takes everyone else. That not only includes corporate end-users but individuals as well.

Consider the alleged attacks on Citibank that the Wall Street Journal reported on yesterday.

The Journal said that the FBI is investigating a security breach against the giant bank that "resulted in a theft of tens of millions of dollars." The newspaper quotes "government officials" as saying that the culprits appear to be linked to a Russian cyber gang. Citibank denies the story. A spokesman told the Journal "We had no breach of the system and there were no losses, no customer losses, no bank losses."

Assuming the story is true, should all of us smugly place the blame on Citibank or other financial institutions for lack security? Perhaps, but I would recommend that we all review our own security as well

People familiar with the case have said that one of the weapons used in this attack may have been a piece of malicious software called Black Energy that works by surreptitiously infecting users computers to turn them into zombies which, collectively form a botnet which can be used to attack other computers, including ones operated by banks. That software, according to CNET News was written by a Russian language speaker and can be obtained by hackers for as little as $40.

Another possible weapon in these and other attacks are keystroke loggers which reside on individual computers, keeping a watchful eye on everything we type. If your PC is infected by such software, your banking credentials can be stolen by criminals who can then use them to log in and drain your account.

It's not clear how much money is stolen every year by hackers but if you add up the cost of all computer crime, the toll is certainly in the billions.

While the phrase "it takes a village" is a bit worn out, I do think it applies when it comes to computer security because what individuals do to protect their own system can benefit other people. It's a bit like dealing with medical epidemics. Preventing yourself from getting the flu doesn't just protect you but it also makes it less likely that you'll spread the flu to others. The same is true with protecting your computer. Making sure that you're practicing good computer security helps protect our entire "village."

That brings us back to President Obama's new "cyber czar." During his previous stint at the White House, Schmidt was instrumental in developing the "National Strategy to Secure Cyberspace," including promoting "a comprehensive national awareness program to empower all Americans - businesses, the general workforce, and the general population - to secure their own parts of cyberspace." The plan not only called for increased public and private sector cooperation, but for everyone to do what they can to secure their own systems.

On the White House Blog, Assistant to the President for Homeland Security and Counterterrorism gives Americans some basic advice to help secure our own systems, including:

-Keep your security software and operating system up-to-date.
-Protect your personal information online
-Know who you are dealing with.
-Learn what to do if something goes wrong.

It's also important to be sure to use strong passwords and change them regularly.

Federal cybersecurity education resources include the Federal Trade Commission's Identity Theft site, the FBI's and National White Collar Crime Center's Internet Crime Complaint Center, and the U.S Computer Emergency Readiness Team's Cyber Security Tips.