Perspectives: Time to make Pittsburgh cybersecurity center

[InfoSec News <isn () c4i org>]

http://www.post-gazette.com/businessnews/20020106dicker0106fnp9.asp

Sunday, January 06, 2002
By Linda Dickerson 

Jeffrey Hunker's unique insights on information technology security
and his direct experience shaping significant public policy at a
federal level made him an attractive candidate to lead Carnegie Mellon
University's H. John Heinz III School of Public Policy and Management.  
In May, Hunker became the school's dean, succeeding Mark Kamlet, who
left the post to become Carnegie Mellon's provost.

During the Clinton administration, Hunker served in the White House as
senior director for critical infrastructure at the National Security
Council. In this capacity, he developed the country's first national
strategy for cybersecurity.

Only recently, people began to appreciate the value of his work.  
"Prior to Sept. 11, 2001 ... there were a lot of individuals who'd say
that it's all theoretical," Hunker said. Last year's tragedies made
security of all kinds, including cybersecurity, a pressing issue.

About two years ago when the nation experienced its inaugural
distributed denial of service attack, cybersecurity issues first
catapulted to the forefront of public attention. As a result of the
attack, thousands of individual computers were inexplicably unable to
access the Internet due to a virus distributed freely by hackers
trying to disrupt, if not disable, the country.

Through the "couple thousand hacker Web sites" that Hunker says are
available on the Internet, hackers exchange information about how to
penetrate the Web by accessing computers that are not generally
available to them. Hunker cites automated tracker software available
for downloading from the Web as evidence of this unscrupulous
activity.

And, he predicts that the level of such activity will continue to
rise. "It is just a matter of time before the next big wave of
distributed denial of service," Hunker predicted.

As the nation and the world become increasingly reliant upon the Web
and the Internet, the risk associated with a distributed denial of
service elevates accordingly. "There are so many interdependencies,"  
Hunker said, "that a serious intermittent disruption of service to a
relatively small number of computers will affect everyone."

Despite the serious nature of this, he said, "It's disruption rather
than destruction." But, the unpredictability of it exacerbates the
potential problems that a distributed denial of service attack could
create.

"You don't know when it is going to happen ... but there's just too
much opportunity out there," Hunker said. And a distributed denial of
service attack is not the only threat.

"The rise of cybercrime is also a concern," he said.

He urges business people to recognize that the "technology is changing
rapidly, the threats are also changing rapidly, so you have to keep
up."

The pace of change in the information technology field is dizzying.  
"Three years ago is like the Stone Age," Hunker said. This, of course,
places businesses at greater risk, but the typical risk mitigation
tools, such as insurance, aren't readily available.

"I challenge you to go out and buy insurance for the contents of your
computer," Hunker added. While some insurance is on the market, it is
costly and generally not sufficiently comprehensive.

Protecting a computer's contents, however, is not the sole
content-related concern. Determining what is appropriate content for
broadcasting on the Web also is an issue hotly debated these days.

When several enterprises marketed Nazi memorabilia on the worldwide
Web, eBay canceled its contract because the French government
considered such activity to be a violation of their federal law.  
Although other countries permitted the sale of such merchandise, the
Web broadcasts its information worldwide. France could not be
excluded.

To further complicate matters, Hunker said, "You've got the issue of
privacy and of free speech." These areas of the law frequently
collide, requiring the intervention of higher powers for their
resolution.

"It is eventually going to be a Supreme Court issue," Hunker
predicted. He clearly hopes that the Heinz School is leading the
debate that will ultimately shape the federal policies on this matter.

Carnegie Mellon University's reputed pre-eminence in information
technology coupled with Hunker's deep understanding of the nascent
cybersecurity industry position Pittsburgh well to assume a leadership
role. "I want to make Pittsburgh the national and international center
for cybersecurity," he said.

The resources available at Carnegie Mellon and elsewhere in the region
distinctively enable this area to assume this august role. As
cybersecurity climbs to the top of the world's priority list,
Pittsburgh could easily command the world's attention.


Linda A. Dickerson is a principal in Dickerson & Mangus Ink., an
issues consulting firm.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.