Editorial: Time to Refocus on Cybersecurity

Although there’s been an uptick in the attention paid toward cybersecurity over the past few years, little has been done in terms of increasing awareness about how this relates directly to national security. When compared with the billions upon billions that have been spent fighting terrorism overseas, our nation’s efforts in this arena, thus far, appear to be somewhat less than serious.

There’s little doubt that the internet has been one of, if not the primary driving force for commerce and communications thus far in the 21st century. It’s a trend that’s likely to continue for the foreseeable future.

The public sector has reaped the many benefits of connectivity as well, parlaying the internet into a cost-savings tool, a venue for transparency, and, perhaps most importantly from the perspective of government services consumers, a welcomed time saver.

Never is this more apparent to me then when I go to renew my vehicle registration, which I have done online for several years now. The convenience factor cannot be understated, as anyone who has ever been forced to stand in line at New Jersey Motor Vehicle Services can attest.

Tasteless yet perhaps appropriate comments about the Great Garden State aside, it got me thinking about the role that convenience plays in our lives today, and how the internet has made much of it possible. More specifically, I found myself pondering how life often grinds to a halt when our electronic communications systems go down, and why the most effective weapons of contemporary warfare will take advantage of this simple fact.

Now, I’m not the first person to make this connection – far from it. Nevertheless, several items highlighting the cybersecurity issue have made the news as of late. Among these are the Stuxnet malware, and legislative proposals seeking presidential emergency powers over the internet and critical infrastructure in the event of a cyber attack.

Unfortunately, we have seen this type of short-term spotlight on the topic before but have yet to witness a sustained national dialogue on the fundamental link between cybersecurity and national security.

The nature of warfare in this world is changing. The internet, with its ability to connect all parts of the globe, will undoubtedly be the primary weapon of choice in causing major disruptions, whether they come from foreign states or terrorist actors. Gone are the days of battleships, bombers, and bayonets.

"If sound information security lies in properly assessing risk, then shouldn’t this also hold true for national security in the digital age?"

All of the focus on nuclear weapons programs in countries like Iran and North Korea strikes me as relatively short-sighted, especially if one looks at the ‘battlefield’ from a risk-reward perspective. After all, why would terrorists, for example, continue to plan physical attacks in the future, when the tools of digital terrorism have the potential for greater destruction and are far simpler to execute with the proper knowledge.

The emergency powers enumerated in this latest cybersecurity bill require careful deliberation. While there are many points to consider, it should be noted that such a move is not without precedent. Think Lincoln and Habeas Corpus.

After all, in true American spirit, we are not talking about unrestrained emergency powers in this proposal. Measures instituted during a cyber threat emergency would be subject to Congressional review after 90 days, with emergency declarations lasting only 30 days each. It’s a serious approach for a serious threat, all done within our nation’s predisposition toward checks and balances. It’s the power to deal with an emergency swiftly, but not indefinitely.

If sound information security lies in properly assessing risk, then shouldn’t this also hold true for national security in the digital age? Just a little morsel for you all to nibble on.

What’s hot on Infosecurity Magazine?