Cyberspace Security:  Are We Losing The Battle?

In a report provided to the incoming Obama administration, the CSIS (Center for Strategic & International Studies Commission) has come up with more than two dozen recommendations about how to more effectively defend cyberspace. The report released December 8, 2008 for the 44th Presidency warns that America is losing the battle to protect cyberspace. Their findings are both a matter of concern from the security standpoint and the implications and opinions in the report are cause for concern from a financial cost standpoint, given the current economy.

Securing Cyberspace for the 44th Presidency
As reported by Information Week, the CSIS report, Securing Cyberspace for the 44th Presidency asserts that cybersecurity is a strategic issue on a par with weapons of mass destruction and a global jihad that can no longer be relegated to information technology offices and chief information officers. Identifying cybersecurity as one of the major national security issues facing the country, the CSIS commission's report calls for a comprehensive national security strategy that also respects American values related to privacy and civil liberties. Their report stresses that greater cybersecurity should reinforce the rights of citizens and not come at the expense of their rights. ABC News reported that President-elect Barack Obama should create a new White House office to protect cyberspace from hackers, thieves and foreign agents. This would allow the United States to coordinate security efforts across U.S. military, intelligence and civilian agencies, again referencing the report from the CSIS.

How Bad Is It?
With all the gloom and doom, it is sometimes difficult to keep perspective. So lets look at a baseline. Have you or anyone you know ever had a machine hacked? How about a virus infection? Or maybe you have received a piece of SPAM with an unwanted payload? Have you or anyone you know ever gotten infected with some malware that reports home or takes moderate to complete control of your computer? Show of hands! Okay, those of you who said no must have the best security in the world, or as Hugh Laurie would say on House, Everyone lies. It is hard to admit, particularly to your peers, that you or your machine were vulnerable to an attack. That is just what the CSIS is saying in their report. They assert that America's strategic situation today regarding cybersecurity is analogous to Germany's during World War II, when German military leaders overestimated the strength of their cryptographic codes. The report reads that "The United States is in a similar position today, but we are not playing the role of the British (who cracked Germany's Enigma codes). Foreign opponents, through a combination of skill, luck, and perseverance, have been able to penetrate poorly protected U.S. computer networks and collect immense quantities of valuable information." In other words, The United States of America has been hacked.

Who Exactly is the CSIS?
Founded at the height of the Cold War by David M. Abshire and Admiral Arleigh Burke, the CSIS was dedicated to the goal of finding a way for America to survive and prosper as a nation and people during the Cold War. Since 1962, CSIS has grown to one of the worlds preeminent public policy institutions. The CSIS is a bipartisan, nonprofit organization, headquartered in Washington, D.C. with more than 220 full-time staff and a large network of affiliated scholars who focus their expertise on defense and security in a world whose boundaries know no limit in an increasingly connected world.

Who Else is Weighing In on this?
Many people are. For example, Marcus Sachs, executive director of government affairs and national security policy at Verizon and a member of the CSIS commission, thinks the analogy of the German Enigma codes is a fair one. "Unfortunately, that's what we're facing at the moment," he says. Sachs goes on to say that cybersecurity must become a national priority. "The essence of cyberspace is now the soul of our country, this is what we are. A hundred years ago, you'd have said heavy industry is our soul. Now it's cyberspace." Alan Paller, director of research for the SANS Institute, one of the largest and most trusted sources of information security training, certification & research in the world said that "The reality is that the secret briefings given to the president, the National Security Council, and others show MUCH greater losses than have been publicly acknowledged, the proof, if you need confirmation, comes from President Bush's approval of the 11 digit (tens of billions of dollars) price tag for the new Cyber Initiative that the commission report says should be built upon. That's a huge price tag and you can guess what was disclosed to him to get that level of spending."

What Does The Report Include?
The reports recommendations to the incoming Obama administration includes more than two dozen items which concern more effectively defending cyberspace. These include items include a declaration of commitment to protecting cyberspace, increasing organizational efforts to coordinate such protection, rebuilding public-private partnerships to protect cyberspace, regulations for securing critical cyber infrastructure, and stronger identity management capabilities. The report does acknowledge that different concerns including privacy, law enforcement, business, technology, and national security may have differing views on the subject of cybersecurity, but makes the argument that we must make the broad national interest the lodestar for our decisions."

How can I get more information on this subject?
We strive to stay up to date and provide you with the latest information available. You can also follow the technical news and see what is happening. If you have questions or comments about this article or if there is anything new on the subject, contact me. I would be happy to respond!
 

All product names / logos, company names / logos are copyrights of their respective holders. John Boline is an MCSE, CNE, USE and a member of the Network Professional Association. The content herein is often based on late-breaking events. Much of the material is based on information from sources that are believed to be reliable. Hagerman & Company, Inc. disclaims all warranties as to the ultimate accuracy or completeness of the information. Hagerman & Company, Inc. and its employees shall have no liability for errors, omissions or inadequacies in the information contained within this article or for any interpretations thereof. The recommendations, positions and best practice policies outlined herein represent Hagerman & Company, Inc. initial analysis and therefore are subject to change as further information which may have bearing on these positions is made available. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice. Hagerman & Company, Inc. assumes no obligation to update the forward-looking statements made in this newsletter to reflect any change in circumstances, after the date of publication. Entire contents 2008 Hagerman & Company, Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden