Reflections on 2009
Just over a year ago, I was invited to join ongoing discussions with retired Lt. General Harry Raduege, Scott Charney and Representatives Langevin and McCaul and other industry, academia, and government representatives, and engaged in an impassioned debate. The topic? Cybersecurity strategy and direction for the next President. How would we advise the incoming President about protecting and securing our country’s information systems?
Formulated within the Center for Strategic and International Studies (CSIS), we discussed the evolving online threats, how our current approaches and technologies stack up against these threats, and how these factors – and others – impact the online world in ways that affect U.S. critical infrastructure and our way of life. In late December 2008, we completed and delivered the Securing Cyberspace for the 44th Presidency report, which outlined our recommendations.
When President Barack Obama came into office, he appointed Melissa Hathaway – who chaired a multiagency group called the “National Cyber Study Group” that was instrumental in developing the Comprehensive National Cyber Security Initiative to direct U.S. Federal cybersecurity efforts – leading to a comprehensive “60-Day Review” of the U.S. cybersecurity infrastructure. The ensuing Cyberspace Policy Review published in May 2009 by the Obama administration includes key findings and recommendations from the 60-Day Review. This report examines important cybersecurity challenges and sets the focus and path toward increasing the security of government, critical infrastructure and consumer systems, both domestically and globally.
Fast-forward to this past December 22. President Obama’s appointment of Howard Schmidt as U.S. Cybersecurity Coordinator should regenerate the momentum needed for the U.S. – and the world – to protect national and economic interests online. Mr. Schmidt is faced with the arduous task of reinvigorating and building upon the significant efforts to date, forging new relationships while expanding upon collaborations already underway between the private and public sectors, and international leaders.
Opportunities in 2010
There is plenty of work to do in 2010 and in the years ahead. We’ve achieved substantial success to date and momentum for Mr. Schmidt to build upon. That doesn’t make his work any easier, but hopefully it gives him a running start.
Now is the time to accelerate our leadership. Most significantly, we should build upon and deliver against the recommendations drawn out in the CSIS’ report and take confident, swift action. Helping to move the 30+ items of cybersecurity focused legislation through Congress – such as The National Cybersecurity Act of 2009 (.773) – also requires his participation, as does the 2011 budget for cybersecurity.
Yet no single individual or group can be held solely responsible for this immense undertaking. After all, while the government is responsible for national security, the private sector develops and delivers much of the infrastructure. And the public plays just as critical a role, as we each use and rely upon information systems and the Internet in our day-to-day lives. The public must increase its awareness and become educated on what to do – and not to do – online. The government and businesses must lead the charge and provide necessary information and resources to help move us all forward securely.
For those of us who develop and deliver information systems and technology, we must embed security into everything we do, especially as it relates to our country’s critical infrastructure. Whether it is Smart Grid strategy and implementation, reformation of our country’s healthcare, and the like, we need to be focused on the quality, assurance and integrity of our products and services. By working together, the private and public sectors and global leaders can learn from each other as well as share in the effort – and rewards – associated with a secure and prosperous IT infrastructure.
Today and into the Future
Today, as ever, we need to be increasingly vigilant. Attacks occur all the time, whether they are publicized through the media or run silently under the radar. Cybercriminals have become more sophisticated in their exploits, relying on smaller, more frequent and targeted attacks, increased cross-protocol assaults, and reputation hijacking that takes advantage of users’ trust. The attacks directed at the DNS provider for Amazon.com and other large e-commerce companies that took several Internet shopping sites offline before Christmas is just another reminder that we need to keep security top of mind and be always on guard.
The Cisco 2009 Annual Security Report reported that in 2010, spam volume is expected to rise 30 to 40 percent worldwide over 2009 levels. It’s clear that spam is still a threat to business security and productivity. According to Sophos, there was one new web infection every 4.5 seconds, with five times more malicious email attachments in 2009 than the end of 2008. We can expect more of the same illegal and malicious activity in 2010 and beyond. We simply can’t let our guard down today to protect our interests of tomorrow.
We all share a common information network. This is not one country’s predicament, nor one individual’s charge. Looking across the globe, we see other nations, such as the U.K., Australia and Finland, busy establishing their online security position and strategy to ensure their country’s security. Each country needs to take the necessary well-planned actions to ensure the safe and secure delivery of critical programs and services to their public. Our combined efforts will only strengthen the Internet for us all.
Looking forward, it will be interesting to see how the recommendations made in the CSIS Report and other cybersecurity initiatives underway will play out under Mr. Schmidt’s leadership. We’re here to help strengthen and expand existing private-public partnerships, and to work with Mr. Schmidt and his team on protecting our nation and helping to make our world a safer place to live, learn, work and play.