« User Monitoring: Sacrificing the privacy of few to protect the information of many? | Main | Get Ready! New Cybersecurity Standard For American Businesses. »

Cybersecurity: How Far Should The Government Go To Protect Cyberspace?

By Dominique Levin
VP Marketing & Strategy

The debate between the privacy rights of individuals and the information protection of the public rages not only in private enterprises, but also at the national level: how far should the government go to protect cyberspace? There are several bills currently being circulated. The two primary initiatives are the 2009 Cybersecurity Act, introduced on April 1, 2009 by Senator Olympia Snowe (R, ME) and Senator Jay Rockefeller (D, WV) and the ICE (Information and Communications Enhancement) Act (print here) introduced into the Senate on April 28, 2009 by Senator Thomas Carper (D-Del.).

Much of the public commentary on these initiatives seems to be negative, expressing concerns about privacy or free-market principles. Twitter was full of quotes about the Cybersecurity Act’s proposal to give the president powers to “shut down the Internet”.

Jennifer Granick of the Electronic Frontier Foundation laments that the language in the second excerpt would give the Commerce Department “absolute, non-emergency access to ‘all relevant data’ without any privacy safeguards like standards or judicial review.”

Others are opposed because of the impact on competitive, free-market enterprise: “Some see the Act as indicative of sweeping changes toward government regulation of private entities and worry that unintended consequences of these changes could impact competitive, free-market enterprise”.

Of course there are those, who strongly support the initiatives:

Senator Olympia Snowe [R, ME]. says of the cybersecurity act: “If we fail to take swift action, we, regrettably, risk a cyber-Katrina.”

Alan Paller, director of research at the SANS Institute, appearing before the Senate Homeland Security and Governmental Affairs Committee on Tuesday, called the federal government's cybersecurity defenses "childlike," and the work accomplished under FISMA "embarrassing."

It is shocking however that not much has been written about exactly how much is at stake when it comes to cybersecurity. This is surprising because the Department of Defense, intelligence community and other agencies agree that cybersecurity is one of the greatest security challenges the US faces today. In fact, the language of a 96-page report on Cyberspace: “Securing Cyberspace for the 44th Presidency”, a report of the

CSIS Commission on Cybersecurity for the 44th Presidency published in December 2008, uses very strong language to describe the threats:

“The enemy: foreign intelligence agencies, militaries, criminals – the most dangerous opponents are militaries and intelligence services of other nations. They are sophisticated, well resourced and persistent. Their intentions are clear and their successes are noticable”

“Secure cyberspace for the free exchange of ideas and commerce and to protect critical national assets from damage or attack (both infrastructure and information)”

“Depriving Americans of electricity, communications and financial services may not be enough to provide the margin of victory in conflict, but it could damage our ability to respond and our will to resist”

“Cyberspace is a central element for many companies’ business plans – how they manage their supply chains and their internal services and how they work with their customers”

“Damage from cyber attacks is real: in 2007 the Department of Defense, State, Homeland Security, Commerce, NASA, National Defense University all suffered major intrusions by unknown foreign entities – the Department of State lost terabytes of information”

“The US is losing the cybersecurity battle”

The report also warns that in the cyberwar, the US is currently playing the part of the Germans in World War II, who relied on their Enigma encryption system, but suffered a significant competitive blow when such system was cracked by the British Ultra.

Being a native Dutch-woman, I am also reminded of the Battle of The Netherlands, also in World War II, for a history lesson. There are parallels between the lack of preparation of the Dutch to resist the German invasion and the American apparent reluctance to ‘arm’ itself for cyberwar:

The Battle of The Netherlands lasted five days, and the Nazi German occupation that followed lasted five years, during which over 250,000 Dutchmen died, before the country was liberated. That was 2.5% of the population, equivalent to 7.5 million Americans. Just like in America today - in the Netherlands all the conditions were present for a successful defense: a dense population, wealthy, young, disciplined and well-educated; a geography favoring the defender and a strong technological and industrial basis including some armaments industry. However, these had not been exploited: the Dutch had not expanded their military equipment since before the First World War. On the one hand there was the modern German army, with tanks and dive bombers and on the other hand the Dutch army, with only 39 (!) armoured cars and 5 (!?) tankettes, and an airforce for a large part consisting of biplanes. Partly this was based on the desire not to antagonize its major trading partner (Germany), partly betting on a policy of neutrality and partly made inevitable by a policy of strict budgetary limits during the Great Depression (see the parallels?).

Back to the report “Securing Cyberspace for the 44th Presidency”:

“To meet this new threat we have relied on industrial-age government and industrial-age defense”

“The organization of the federal government, especially how agencies exchange information, dates from the 1930s or earlier and is part of the reason that we are vulnerable”.

The bottom line: the threat to our cybersecurity is a strategic issue on par with weapons of mass destruction and global jihad, where the federal government bears the primary responsibility. A failure to act decisively and to be overly concerned with citizen’s false sense of privacy, could lead to a much greater threat to our democratic traditions and citizen’s rights.

A final quote from “Securing Cyberspace for the 44th Presidency”:

“In cyberspace the war has begun”

“The evidence is both compelling and overwhelming”

Posted May 01, 2009 in | Permalink

Visit loglogic.com

Subscribe to this blog’s feed

• March 2010
• February 2010
• January 2010
• December 2009
• November 2009
• October 2009
• September 2009
• August 2009
• July 2009
• June 2009
• May 2009
• April 2009
• March 2009
• February 2009
• January 2009
• December 2008
• November 2008
• September 2008
• August 2008
• July 2008
• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008
• December 2007
• November 2007
• October 2007
• September 2007
• August 2007
• July 2007
• June 2007
• May 2007
• April 2007
• March 2007
• February 2007
• January 2007
• December 2006
• November 2006
• October 2006
• September 2006
• August 2006
• July 2006
• June 2006
• May 2006
• April 2006
• March 2006
• February 2006
• January 2006
• December 2005
• November 2005
• October 2005
• September 2005

Blogroll

• CynergisTek
• Bruce Schneier
• InfoSecDaily

Compliance

• Continuity Central
• Compliance Pipeline
• SOX Compliance Journal
• Sarbanes-Oxley 101

Good Reading

• Log Management ROI
• Log Management Best Practices
• SANS Institute Log Management White Paper

LogLogic

• O’Reilly
• Anton Chuvakin
• LogLogic.Com
• Jian Zhen

LogLogic Partners

• Juniper Networks
• ONStor
• Counterpane
• Bluecoat

Sites We Watch

• InformationWeek
• CRN
• eWeek
• IT Manager's Journal
• The Reg
• TechWeb
• The Merc
• IT Architect
• C/Net
• Security Focus
• Slashdot
• SANS
• CIO Insight
• OSF DataLossDB | Data Loss News, Statistics, and Research