Opinion: The feds lag on cyber-security.
Sept. 11, 2001, one of our nations darkest hours, was one of the finest hours for IT and IT professionals. In eWEEKs coverage following the terrorist attacks, our lead headline read, "IT puts N.Y. back in business." Financial organizations such as the New York Board of Trade, whose home in the 4 World Trade Center building was crushed under the South Tower, were doing business less than a week later because of the foresight of people such as NYBOT Executive Vice President of Operations Pat Gambaro and Senior Vice President of IT Steve Bass.
IT was not the target that day; buildings and people were. In the aftermath of human tragedy, it was easy to dismiss the importance of data, storage and networkswhich are, after all, inanimate. But IT operations and corporate data continue to face a threat from terrorism that could cripple the nation. So far, its a threat that the federal government has given only token attention. We think that is a mistake.
The holes in our nations IT infrastructure are there. eWEEK reported in its Sept. 4 issue that Sandia National Laboratories has a large staff (known as its Red Teams) dedicated to finding and fixingor helping local governments and companies throughout the country to fixsecurity vulnerabilities in power, water, data and financial systems. "Its clear that the threat and risk level has never been higher for cyber-security," said Michael Skroch, leader of Sandias Red Teams, in Albuquerque, N.M. "And its not getting better."
Al-Qaeda and its sympathizers plan sophisticated, coordinated attacks, often over the Internet, which puts them and perhaps the skills of a criminal hacker organization a few steps away from executing a cyber-attack. This realization spurred the formation in 2003 of the National Strategy to Secure Cyberspace, but, since that time, very little has been accomplished. The cyber-czar post has been a revolving door and has been vacant about a year, though it now appears President Bush is about to appoint a new director.
Whats more, government agencies, from the House of Representatives Committee on Government Reform to the Government Accountability Office, repeatedly have found that the Department of Homeland Securitys own systems and those in many other branches of government failed preparedness tests for a cyber-attack.
The IT infrastructure of the nations private sector is vulnerable, too. A recent survey by the Ponemon Institute, a privacy management research company in Elk Rapids, Mich., reported that only 37 percent of IT professionals say they believe their company is effective at detecting data breaches.
It would not take big bucks to get the cyber-security program moving againjust the attention and energy that the administration has already said the problem deserves. The fact is, continued neglect invites an attack.
Tell us what you think at firstname.lastname@example.org.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.