The Need for Constant Vigilance Against Cyber-attacks

Others, such as the phone networks, both wireless and land line, have had
computer networks for years, but in many cases they were designed for a world
in which cyber-attacks didn't exist. These networks have been, or in some cases
are being, retrofitted with greater security, but all but the newest
installations were never designed as truly secure systems when they were built.

While there's no sign that anyone has managed to break through their security
yet, there's also no way to tell for sure. It's entirely possible that these
communications networks have been penetrated, malware of some kind inserted,
and then left for the day when the attack is to take place. In these older
systems, it's not clear that anyone would be able to tell.

But even if these parts of our critical power and communications infrastructure
haven't been penetrated, it's certainly vital that they be protected. After
all, a cyber-attack that brings down large parts of the power grid and at the
same time knocks out wireline and wireless communications could cause a serious
blow to the United States. It could be the beginning of a crippling attack that
could leave the nation reeling for years.

It would be one thing if these attacks were simply theoretical, but they're
not. U.S. military networks are under nearly constant attack from a variety of
sources. Companies and organizations that do business with the government are
also under attack, both for the information they may have and because they
might be able to provide a pathway into the federal government's computers and
networks. Even universities that work with the government are under constant
attack.

When I was performing firewall testing for another publication at the
University of Hawaii a few years ago, we found that the cyber-attacks would
begin within 30 seconds of a new device showing up on the network. That was
about 10 years ago, and the situation has gotten an order of magnitude worse
since then.

So the question shouldn't be whether the NSA will go too far in guarding the
nation's communication networks. The question should be how we can work with
the NSA to make sure that all of our critical infrastructure is as
well-protected as possible. If the agency has the expertise to really detect a
cyber-attack before it can cause damage, and it does, then we need to take
advantage of that expertise. The NSA, rather than going too far, needs to be
sure it's going far enough. Right now the critical infrastructure in the United
States, and in other Western nations, is at risk. We need to make sure that all
of us are up to defending against that risk.









