Forewarned, but Not Forearmed, Against Cyberthreats
The Internet isn't any safer now than in 1982 when it began as a four-node network connecting a handful of U.S. Defense Department academics to exchange digital files. This revelation comes despite efforts over the years to patch holes and conceive mighty notions that safe Internet usage is achievable. In his viewpoint article, "Cybersecurity Policy and Strategy Need a Dose of Reality" by Contributing Editor Col. Alan D. Campen, USAF (Ret.), in this issue of SIGNAL Magazine, Campen draws on his own early predictions of what has come to pass, along with what could be done to achieve cybersecurity. In seemingly endless hearings before congressional committees and cyberconferences, military, civilian and private-sector officials complain that in spite of significant efforts and money, the information infrastructure may not be available during crises. Finding that "the energy of the national dialogue on cybersecurity has not translated into progress" and that the nation is still unprepared to meet the challenge, the Center for Strategic and International Studies issued a report, "Cybersecurity Two Years Late," concluding that the United States must "rethink its policies and institutions for cybersecurity." The Internet's open architecture, Campen relates, is so admissive of malicious activity that it has been called one of the greatest threats to U.S. national security. Because of information tools that private industry carelessly employs, users have become default architects of the evolving Internet. Top experts from various disciplines have expressed alarm, noting that today's digital natives have only known life with the Internet with no innate understanding of its true vulnerability. More discouraging is a Government Business Council report titled "Cybersecurity in the Federal Government," which states that officials often bypass security controls on purpose "to get things done." There are several options to rethinking cyberpolicy and strategy. First, governments must make painful cost-risk-benefit decisions when their own policies collide. Another is to banish the word "war" from the cyber lexicon so that every incident is no longer so dramatically labeled that it feeds unproductive hype and nourishes an ever-hungry cybersecurity industry. And, Campen emphasizes, lingering notions that leadership and governance can play a meaningful role in cybersecurity will be frustrated further as the Internet morphs ever more deeply into the pocket and purse of the feckless user-already the weakest link in the cyberchain. Few information-age challenges can be countered effectively by revising industrial-age laws, or by crafting nation-state agreements and protocols to protect the Internet. Do you agree? And if so, can this point successfully reach decision makers? Share your opinions here.