President-elect Barack Obama has promised to appoint a national cyber-security adviser. According to a report by the Defense Science Board, the cyber-security czar will inherit a civilian and military information infrastructure that is ill-prepared for advanced cyber-attacks, such as denial of service and malicious modification of information. The United States' vulnerability to cyber-attacks in space presents a particular challenge for the new leaders.
President-elect Barack Obama will inherit a Department of Defense
increasingly concerned about advance cyber-threats to the nation's civilian and
military information infrastructures, according to a report by the Defense
The Board, a federal advisory committee established to provide independent
advice to the Secretary of Defense, said in its Nov. 4 report, "Defense Imperatives for the New Administration,"
(PDF) that while many cyber-security studies are under way and budgets are
being developed under President Bush's classified National Cyber Security
Initiative, much more needs to be done. The National Cyber Security Initiative
was begun in January and is estimated to cost as much as $30 billion over the
next seven years.
"There has been little actual progress to date in terms of implementing
cyber-security improvements against advanced threats," the report stated. "The
options open to adversaries are many and varied."
In particular, the report singles out the U.S.
approach of a "perimeter defense," placing digital fences around
computers, weapons systems or networks to ward off would-be penetrators.
"It has been shown repeatedly that perimeter defenses can be defeated,
sometimes by rather unsophisticated attacks and almost always by more advanced
approaches," the report stated. "The United
States has highly sophisticated experts, and
[when] they have been asked to penetrate our own systems their record of
success is 100 percent."
Click here to read about how even the recent presidential campaigns fell victim to cyber-attacks.
The board recommends that the new administration "accelerate
implementation of near-term, well understood measures to improve cyber-defense,"
including the use of automated tools and algorithms to detect suspicious
activity, much more frequent upgrades to hardware and software elements of
critical systems, and creation of a means of reconstituting the network using
an independent communication path not associated with the compromised network.
The panel also expressed concern about space-based security assets that
surveillance, communication and navigation services depend heavily upon.
"While many defensive measures will need to be taken over time, we
recommend that improvements to space situational awareness be the immediate
first step," the panel said. "Understanding what the threats to our
space assets are, where they are and what they may or may not do underlies all
other defensive actions."
The Bush administration has been widely criticized by security experts as
de-emphasizing cyber-security and hamstringing the authority of officials in
charge of governmentwide cyber-security.
Obama, though, said in July, "As president, I'll
make cyber-security the top priority that it should be in the 21st century. I'll
declare our cyber-infrastructure a strategic asset, and appoint a national cyber-adviser,
who will report directly to me."