National Security is an IT Concern
This Fourth of July, vigilanceas well as patriotismwill be in the minds of many. This is appropriate. Given the terrorists attacks of Sept. 11, we all should be on the lookout for ways to protect our country. But how can we spend our energies most effectively? Common sense leads us to believe that brute-force attacks on buildings of national significance might succeed only once.
We can trust terrorists to covet other targets. What needs our attention now is the soft underbelly of our economythe IT systems that store our collective digital memory, connect our scattered organizations and implement mission-critical processes.
Digital data is the lifeblood of our economy. And if protected, bits can last a very long time. But once spilt, those unique 1s and 0s can never be recovered.
We cant rely any longer on the comforting urban legend that the Internet is impervious to attack. The Internet is a massive collection of remotely accessible, often poorly maintained networks supported by software systems with little diversity and a history of serious security flaws.
Fragile software is one major area of risk. The January 1990 systemwide meltdown of AT&Ts phone network, the August 1996 nine-state power grid failure and the April 1997 partial Internet collapse were all tremendously destructive accidents. What if these systems are skillfully targeted?
Another concern is the vulnerability of the Internet to physical attack. While the Net is resilient to individual routes dropping off, a few well-placed attacks at major peering points, at cable choke points at bridges and tunnels, or on cross-country runs beside isolated rail lines would be very damaging. A chemical fire in Baltimores Howard Street tunnel disrupted area Internet traffic for days last July.
Officials are not unaware: "Our enemies will use our technology against us, just as the hijackers used our planes," said White House cyber-security chief Richard Clarke in a February speech. As technologists, we know about those problems better than anyone. Lets do our part to make sure that by next July 4, the IT systems our society depends upon are far better protected than they are now.