Information Security News mailing list archives
Cyberdefense mired in Cold War
From: InfoSec News <isn () C4I ORG>
Date: Mon, 19 Jun 2000 08:33:15 -0500
http://www.fcw.com/fcw/articles/2000/0619/news-dfnse-06-19-00.asp BY Dan Verton 06/19/2000 The absence of a catastrophic cyberattack against the United States has created a false sense of cybersecurity and has allowed costly Cold War-era Pentagon programs to siphon money from critically needed information technology and security programs, a panel of experts warned last week. "Were still mired in a Cold War-era defense spending mentality," said Sen. Charles Schumer (D-N.Y.) at a symposium titled "Technological Change and American Security" and sponsored by The Brookings Institution. The rapid advance of IT has created "real and potentially catastrophic vulnerabilities," Schumer said, adding that the consequences of a cyberterrorist attack "could be devastating." Eye of the Beholder However, senior security officials are battling a perception problem, according to experts who took part in the symposium. Without a clear-cut example of an "electronic Pearl Harbor," where a surprise cyberattack cripples financial markets and other critical systems, its difficult to convince top military and political leaders that IT research and development should be a bigger priority in the budget process, experts say. "Cyberterrorism is not an abstract concept," said Jeffrey Hunker, senior director for critical infrastructure protection at the National Security Council. Although attacks historically have been labeled as "nuisances," that may not be the correct way to look at the problem, Hunker said. The government is dealing with an "enormous educational deficit" when it comes to IT security, he said. Part of the problem is the fact that the Defense Department remains committed to lobbying Congress for money to pay for programs such as the F-22 Joint Strike Fighter instead of increasing funding for IT programs, said Michael OHanlon, a senior fellow for foreign policy studies at The Brookings Institution. "I believe that is not affordable even in this age of surpluses," OHanlon said, adding that DODs assumptions about future budget gains are "wrong." OHanlon advocated spending more money on advanced sensors, precision-guided weapons and other IT programs. That type of investment would preclude the need to buy costly systems such as the F-22, he said. But even events such as the outbreak of the "love bug," which reportedly cost the U.S. economy billions of dollars, have not convinced people in and out of government that the problem is real, Schumer said. Usually, when a major crisis costs people a lot of money, it leads to many visits to Capitol Hill and requests for help, Schumer said. But that never happened after the love bug outbreak, he said. Some experts have questioned the governments liberal use of the term terrorism to describe acts of mass disruption on the Internet. However, when asked about the seeming lack of interest in cyberattacks by well-known terrorists such as Osama bin Laden, a senior White House official said the focus should not be on what bin Laden does or does not do, but on being proactive and understanding that a major attack may be coming. Hunker said he agrees. "We are attempting to be proactive," he said. "I believe that we are going to get nailed seriously." The National Security Agency is one of the federal entities that has taken a proactive approach toward security cooperation between government and industry (see box). But one of the biggest challenges facing the nation, highlighted during the love bug incident, remains convincing industry that security is as important as making money, said John Nagengast, assistant deputy director for information systems security at NSA. "Vendors and users have to treat information assurance as a fundamental precept of doing business," he said. "It has to become part of the business case." ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Cyberdefense mired in Cold War InfoSec News (Jun 19)