Teetering on the brink of critical infrastructure protection
The new level of cooperation between the Homeland Security and Defense departments could be a positive development for cybersecurity, writes blogger Brian Robinson. But other signs are less encouraging.
Are the ducks finally lining up on cybersecurity? The recent memorandum of agreement between the departments of Defense and Homeland Security, who for years have been butting heads on cybersecurity responsibilities, is one positive sign.
If we depart from the cynical view, which would have this as nothing more than window dressing for the public and Congress, then we can expect better coordination and information sharing between the two departments going forward. Hopefully, that ultimately means a much better approach to protecting critical infrastructures.
And none too soon. The Stuxnet worm that reportedly devastated Iran’s energy infrastructure is being seen as the most visible evidence of a trend toward more “professional” coding of malware aimed at country’s infrastructures. Some are calling it the blueprint for a new generation of cyberweapons that will be used in a rapidly developing Cyber War.
A DOD official was quoted as saying the agreement with DHS was needed because the United States doesn’t have either the time or the money to develop cyberdefenses twice over. DHS Secretary Napolitano and DOD Secretary Gates called it the beginning of a new framework for coordination and joint program planning between the departments.
If this all works out as planned then it will be quite few steps on from where the public perception is right now, with a large majority in a recent Narus poll saying government is wildly unprepared to defend against cyberattacks. Industry didn’t fare much better.
How much does this positive outweigh the negatives? Good question. Symantec’s 2010 Critical Information Infrastructure Protection survey reported that more than half of America’s infrastructure providers have experienced politically-motivated cyberattacks. Those were presumably made by the kinds of people who launched Stuxnet, not the relatively unsophisticated hacker stuff that predominated in years past. And it’s likely to only get worse.
Outside of the feds and industry, state and local governments also have a big responsibility for critical infrastructure, of course, and they are getting hammered by the recession. A new study found that nearly four-fifths of state chief information security officers reported stagnant or slashed budgets that pose “a serious problem that stifles their ability to adequately handle growing internal and external threats.”