This page contains a Flash digital edition of a book.
@drewamorosi


Shots Parting


A


merican politicians love to bash the Europeans. A common refrain during many campaigns here in the


states is ‘my opponent’s policies will make us more like Europe’, as if the entire continent was a monolithic monster spewing forth a subversive socialist agenda. I would like to think that the more balanced among us view this repeatedly employed slight as nothing more than pandering to a least common denominator. When it comes to a unifi ed strategy to address cybersecurity, it appears that Europe is moving forward with a more concerted effort to address the issue. This fact was touched upon by Michael de Crespigny in this issue (pg. 24), when he reviewed the European Union’s plans to establish a common cybersecurity center designed to share vulnerability information among member states and stakeholders. Maybe ‘making us more like Europe’ isn’t such a bad idea after all.


It also seems the American public is on board with our European counterparts. Cybersecurity was cited as the US public’s primary security concern according to recent polling by Unysis. Among the fi ndings associated with the research, three-quarters of respondents expressed the most concern over cybersecurity, whereas 68% believed terrorism to be the most pressing security problem. It’s no coincidence that both issues are quickly becoming intertwined, and policies to address both will need to move in lockstep in the future.


Cybersecurity has received increased attention from recent presidential administrations. While the handful of cybersecurity bills currently being considered by the US Congress have largely avoided the partisan rancor of more mainstream


48


legislative initiatives, progress continues at a glacial pace while would-be cybercriminals and terrorists hone their skills. What the spotlight section of this issue has show is that the concept of cyber-terrorism is very real, hard to defi ne, and even more of a challenge


to combat. After all, what exactly does the word ‘cyber-terrorism’ mean? Does it include internal actors such as domestic saboteurs? Does it include only independent groups – sometimes with state- sponsored affi liations? Is it when a country like China steals IP from enterprises, or


The challenges of


information and network security are so vital that


they are exactly the type of issues that require centralized, decisive action when viewed on a national scale


allegedly places malware on SCADA systems connected to the power grid? What constitutes ‘terrorism’ is often a matter of perspective. When someone planted the Stuxnet malware at an Iranian nuclear facility – setting the country’s nuclear program back years – I’m certain it was met with consternation in some darker corners. To play Devil’s Advocate for a moment, what if the Iranian nuclear program really was intended to provide sustainable energy for the country? If so, then Stuxnet could be viewed as a terrorist attack meant to weaken the nation’s critical infrastructure. Let’s get back to my original point: the US falling behind on cybersecurity because of partisan wrangling over reforms. I would like to take a page out


of recent history and recall how Western countries have dealt with the prospect of physical terrorism. Quite simply, it has been confronted by the military and intelligence services, under the direction of the chief executive. If cyber-terror is a battle, then it makes perfect sense to extend the military apparatus to address the problem. After all, decisions in the military can be swift, and have at their core a central responsible authority – not 535 bickering members of Congress who are often more worried about their re-election prospects than protecting the public good. The great thing about a president – at least here in the US – is that they can only seek re-election once. It may sound draconian to ask that this power be vested in one person or branch of government, but sadly it appears this is the only way we will ever see movement on addressing the big tent that is ‘cybersecurity’. Organizations typically put the responsibility of security into the hands of one or a very few capable people – I believe we can learn much from this model. The challenges of information and network security are so vital that they are exactly the type of issues that require


centralized, decisive action when viewed on a national scale.


The objectives of any security program are to protect, prevent, or limit the damage to a particular asset. The role of government with respect to terrorism, in my view, appears to be the same. If we can put our trust in a prime minister or president to execute our military and police functions, then there should be no reason why this can’t be extended to defense in the digital world, provided there is a system of checks and balances inherent in most representative governments. For me, it’s a complex problem with a simple solution. Now that’s something we Americans can get behind.


Drew Amorosi, Deputy Editor May/June 2012


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52