Information Security Rises to the Top

Information security ceased being merely a desirable option long ago. But even its long-extant status as a requisite pales in comparison to its current situation. Simply put: Information security is the glue that holds any information-age society together. No other endeavor may be as important to our technology-driven society.

As the information age unfolded, networked nations embraced information technology across a broad spectrum of military, civil government and business areas. New uses quickly emerged, and applications never before imagined became necessities in short order. As a result, the infosphere transitioned from a great convenience to a foundation of 21st century society. But, as with any valuable asset, the infosphere now is the target of a wide range of malevolent operators—and, unlike in the typical Hollywood ending, the bad guys now are winning.

The greatest threat to cyberspace no longer is the clever hacker. Now, organized crime and hostile governments are infiltrating every corner of the information realm. Their motives may differ widely, but their effects can be devastating to a variety of degrees. In purely financial terms, banks can be looted of major holdings through cyberspace. Every major financial institution has set aside funds to cover cybertheft losses each year. However, those losses are mounting, and banks soon may no longer be able to cover those costs.

Beyond local finances lies the potential for collapse of the economic system—not unlike that of last year’s credit market crash. In this scenario, cybermarauders could fleece depositors of their financial holdings or hijack online commercial transactions to divert money away from merchants and toward the perpetrators’ own financial accounts. These cybermarauders could be criminal profiteers or rogues seeking to bring down a Free World nation’s economy. Regardless of their intent, the effect would go beyond mere financial losses. People would lose confidence in their business institutions and in online transactions of any kind, which likely would lead to a collapse of the banking industry along with e-commerce.

In broader terms, cyberspace criminals also threaten innovation and economic growth. Cyberthieves are running rampant through the infosphere, and snatching money may not be their only goal. Industrial espionage has become a major profit enterprise for seasoned intruders who can either steal specific business secrets on order or sell independently purloined information to the highest bidder. This crime threatens to undermine the entire research and development enterprise, as companies that dedicate billions of dollars to innovation could see their competitive advantage wiped out with the swipe of a cursor. A nation such as the United States, which has built its economy around innovation and entrepreneurship, could see its economic edge disappear rapidly as competitors are able to market stolen innovations without factoring in research costs.

All of these threats confront the military. Modern militaries have committed to network-centric forces, and therein lies the vulnerability that every adversary hopes to exploit. The currency of the network-centric military is information, and cybercrime or espionage can wreak the same degree of devastation to military operations that they pose to the economy. With the military adopting commercial information technologies and capabilities, the security threat that challenges the private sector extends to the military arena.

So the seeds of destruction are sown. The challenge is to prevent that bitter harvest without destroying the very field that needs to be protected.

As with any type of security, the weakest link defines its ultimate effectiveness. The information age cannot hope to implement a perfect information security architecture—attaining such an environment is neither reasonable nor desirable. But government, industry and the public can work together to implement effective information security. Many information technology experts believe that government can—and should, without delay—take the lead in this effort.

But even if government establishes a common set of standards agreed to by all, security will remain a long-term ongoing effort for all users of information technology. Risk management can, and must, play a role in information security, but implementing it no longer is a matter of choice—it now is a matter of survival.

 —The Editor