Cyber-attack Threat Justifies NSA Vigilance

By Wayne Rash  |  Posted 2010-07-08

The United States is under attack. Right now most of the attacks are against the commercial interests of the United States, much like the attacks against Google earlier this year in which the Chinese government attempted to breach the company's security to steal source code and to learn the identities of human rights activists.  

But those attacks are expanding to cover a wide variety of government and private interests outside of China and other nations with similar aims. The problem, in fact, has reached the point where radio ads for cyber-security services are beginning to crowd off the ads for airborne tankers and fighter jets that usually populate the airwaves here in Washington.  

Yes, I know that it's kind of a stretch to gauge any trend by the frequency of advertising in D.C., but like anything else, if a need is perceived, there will be money to be spent. Here in Washington, we get a constant barrage of ads on the radio, on bus signs and in the newspaper for everything from armored personnel carriers and warships to fighter jets and missile systems. But now the focus is changing to cyber-security. 

There's a good reason for the change in emphasis. The Obama administration has begun to make cyber-security a priority. The National Security Agency has been working on the problem for many years, and in fact has been conducting tests of cyber-security readiness. It also has been giving awards to security professionals for their work in the area. Meanwhile, the head of the NSA, Lt. General Keith Alexander, has told the Senate Armed Services Committee that he's going to work to protect the rights of Americans against cyber-criminals.

According to Brian Prince's story in eWEEK, the NSA is developing a program to monitor attempts to attack interests in the United States. The story quotes the Wall Street Journal as saying that a number of government networks, as well as some private networks, would be outfitted with sensors to detect attacks. The story also quotes the Journal as saying there are those who believe that the NSA is going too far and that this could be an attempt by the agency to gather more information on American citizens. 

The fact is that if such a program to monitor critical infrastructure for signs of cyber-attacks actually exists, then the biggest concern should be whether it goes far enough. Much of the infrastructure in the United States that the NSA is allegedly going to monitor has been in existence for decades. Some, such as the national power grid, consist of components that were never designed for computer control when they were built, but now depend on such control to remain operational.  

The Need for Constant Vigilance Against Cyber-attacks


Others, such as the phone networks, both wireless and land line, have had computer networks for years, but in many cases they were designed for a world in which cyber-attacks didn't exist. These networks have been, or in some cases are being, retrofitted with greater security, but all but the newest installations were never designed as truly secure systems when they were built.

While there's no sign that anyone has managed to break through their security yet, there's also no way to tell for sure. It's entirely possible that these communications networks have been penetrated, malware of some kind inserted, and then left for the day when the attack is to take place. In these older systems, it's not clear that anyone would be able to tell.  

But even if these parts of our critical power and communications infrastructure haven't been penetrated, it's certainly vital that they be protected. After all, a cyber-attack that brings down large parts of the power grid and at the same time knocks out wireline and wireless communications could deal a serious blow to the United States. It could be the beginning of a crippling attack that could leave the nation reeling for years.

It would be one thing if these attacks were simply theoretical, but they're not. U.S. military networks are under nearly constant attack from a variety of sources. Companies and organizations that do business with the government are also under attack, both for the information they may have and because they might be able to provide a pathway into the federal government's computers and networks. Even universities that work with the government are under constant attack.  

When I was performing firewall testing for another publication at the University of Hawaii a few years ago, we found that the cyber-attacks would begin within 30 seconds of a new device showing up on the network. That was about 10 years ago, and the situation has gotten an order of magnitude worse since then.

So the question shouldn't be whether the NSA will go too far in guarding the nation's communication networks. The question should be how we can work with the NSA to make sure that all of our critical infrastructure is as well-protected as possible. If the agency has the expertise to really detect a cyber-attack before it can cause damage (and it does), then we need to take advantage of that expertise. The NSA, rather than going too far, needs to be sure it's going far enough. Right now the critical infrastructure in the United States, and in other Western nations, is at risk. We need to make sure that all of us are up to defending against that risk.
