The Need for Constant Vigilance Against Cyber-attacks
Others, such as the phone networks, both wireless and land line, have had computer networks for years, but in many cases they were designed for a world in which cyber-attacks didn't exist. These networks have been, or in some cases are being, retrofitted with greater security, but in all but the newest installations were never designed as true secure systems when they were built. While there's no sign that anyone has managed to break through their security yet, there's also no way to tell for sure. It's entirely possible that these communications networks have been penetrated, malware of some kind inserted, and then left for the day when the attack is to take place. In these older systems, it's not clear that anyone would be able to tell.But even if these parts of our critical power and communications infrastructure haven't been penetrated, it's certainly vital that they be protected. After all, a cyber-attack that brings down large parts of the power grid and at the same time knocks out wireline and wireless communications could cause a serious blow to the United States. It could be the beginning of a crippling attack that could leave the nation reeling for years.It would be one thing if these attacks were simply theoretical, but they're not. U.S. military networks are under nearly constant attack from a variety of sources. Companies and organizations that do business with the government are also under attack, both for the information they may have and because they might be able to provide a pathway into the federal government's computers and networks. Even universities that work with the government are under constant attack. When I was performing firewall testing for another publication at the University of Hawaii a few years ago, we found that the cyber-attacks would begin within 30 seconds of a new device showing up on the network. That was about 10 years ago, and the situation has gotten an order or magnitude worse since then. So the question shouldn't be whether the NSA will go too far in guarding the nation's communication networks. The question should be how can we work with the NSA to make sure that all of our critical infrastructure is as well-protected as possible. If the agency has the expertise to really detect a cyber-attack before it can cause damage-and it does-then we need to take advantage of that expertise. The NSA, rather than going too far, needs to be sure it's going far enough. Right now the critical infrastructure in the United States, and in other Western nations, is at risk. We need to make sure that all of us are up to defending against that risk.