|
|
article page |
1 |
2 |
3
it will require changes to our laws to allow information to be shared. Awareness and support from our legislators in Congress, the Senate, and the courts is needed now, not in our traditional multi-year, political process of changing laws. The problem is now and it is only getting worse. If we don’t take real actions today, then our ability to control it later will be severely compromised.
We might benefit by looking at this issue within a historical framework. Specifically, let’s consider the airline industry around the 1930s, during which international travel began in earnest, and the beginning of World War II demanded the separation of private and military air space. Multiple policies, procedures, international treaties, and firm military consequences were put in place to ensure that we could freely protect our airspace, while simultaneously enabling the commercial airline industry to successfully create a business. In the same way that the government established landing rights for commercial flights, so too should the government work closely with the private sector to ensure that all cyber traffic is “good traffic.”
Second, we must continue to encourage the best and brightest minds in government, industry, and universities to tackle these problems. I have seen progress in this area through some systems integrators developing and implementing cyber labs for the industry. That is a good start and should be expanded to every university. At Narus, we fund a program in which we work closely with universities to develop methods and algorithms to understand traffic as it moves across networks and to counter cyber threats. We are beginning to see some of the fruits of our efforts as we leverage the NarusInsight system’s visibility into traffic and apply our latest analytics to identify anomalies as they traverse networks.
International Relations a Critical Piece to the Puzzle
Another area of cooperation entails the support among the international community to solve the problem. We must realize that cyber threats, in essence, can be a pandemic. Given the interconnectedness of the Internet, everyone on our RSA panel agreed—as does the industry as a whole—that the problem of cybersecurity is one that our government must engage in at an international level. To this point, former presidential advisor Richard Clarke argues in his new book3 that international agreements are crucial to prevent cyber warfare. Not surprisingly, he also states that international cooperation is necessary in identifying the source of attacks that violate these agreements.
|
|
Not only must we recognize the problem, we must align and train our current resources to find solutions. |
|
Of course, the United States is often the victim in this cybersecurity challenge as other countries seek to explore how they might achieve an advance in cyberspace. In March 2009, two separate reports implicated China in a major cyber espionage operation that compromised nearly 1,300 computers in more than 100 countries. The computers, which include machines at NATO, governments, and embassies, were infected with software that allows attackers to gain complete control of them, according to the reports4.
One potentially encouraging sign about our ability to negotiate cyber agreements came at a Russian-sponsored conference on Internet security held in April in Garmisch, Germany. A New York Times article stated that, at the conference, “the Russians were optimistic that progress was being made in bridging more of the cultural divide that has hindered international cooperation.” More materially, the story noted that, according to Russian officials, Russia and the United States “have agreed to renew bilateral discussions that began last November in Washington.”
The Role of Private Citizens in Cybersecurity
Engagement with foreign governments and private industry by our administration, ultimately, may not be enough: until the American public looks at the threats of cyber intrusions as passionately as issues such as healthcare and the economy, significant change may only be incremental. We must recognize that computers and the Internet are the bedrock for our economy. The electric grid, the water supply, the air traffic systems, most financial transactions, and the very essence of our communications via texting, e-mailing, and voice all rely on the Internet. A sustained, well-coordinated attack or set of attacks in close time frame to one another on one or more of these valued assets would be an unfortunate wake-up call. But we must not wait until then to act. Cybersecurity must no longer be regarded as a mere “insurance policy;” but rather, it must become an issue that we deal with collectively as a world population, seriously and urgently.
Certainly, these are complex problems, and ones that won’t be solved by technology alone. Ultimately, they are issues that we’ll need to address with a combination of technology, people in our workforce trained in this unique skill set, smart legislation, foreign policy, and partnerships between the public and private sectors.
|
|
|
|
|
|
|
|
