Preparing for Cyberterrorists
The early Internet days were much like early humans living in caves: no doors, no locks, and a frolicking sense of freedom that came with a variety of vulnerabilities to predators.
This week saw yet another reason to build more cyberwalls and digital checkpoints into a system that's become a critical information pipeline for both commerce and national security.
A clever hacker designed a computer virus dubbed "MyDoom" to shut down one company's website on Sunday, and it is expected to hit Microsoft Tuesday - yes, even mighty Microsoft, which offered a $250,000 reward to anyone exposing the prankster.
This virus is more dart than dynamite, and it seems aimed only at companies vying against the open operating system Linux. It also relies on the gullibility of e-mail users to open attachments from strangers. Nonetheless, it's a reminder of the need to move faster to protect the Internet from cyberterrorists who could try to do catastrophic damage to the nation's core functions, such as electric grids or stock markets.
Many companies are investing in "intrusion detection" software, firewalls, backup systems, power units, and other security measures. In fact, the growing cybersecurity industry has become a big job generator.
The federal government's primary role in this rush to secure the Internet is to lead but not to dictate. Last week, for instance, the Department of Homeland Security announced that anyone can sign up with its cybersecurity division and be sent an e-mail alert when a computer threat is detected. Like weather alerts, this new system provides a neutral source of information. But also like weather alerts, its alerts could be late or even wrong.
Cybersecurity needs a public-private partnership to block the Internet's holes. That requires a delicate dance between the public's need for security and each company's calculation on the level of risk and financial viability of investments in cybersecurity.
Are companies doing enough, and is government aggressive enough in pushing cybersecurity? The answer is probably no on both, but until there's an actual cyberattack, it's difficult to know for sure. In December, private industry was warned by federal officials it must do more in cybersecurity or face regulations. "We know the enemies of freedom use the same technology that hackers do, that we do," said Homeland secretary Tom Ridge. "And we know that they are looking to strike in any manner that will cripple our society."
Some regulations, such as requiring companies to conduct regular security audits and disclose problems, seem reasonable. But mandating technological fixes would be risky in the fast-moving cybersecurity industry.
The trick is to find a balance between demands for security in the marketplace and demands for national security that works for both.