Network News

X My Profile
View More Activity

Where Is Our Cyber Defense?

By Alexandra Petri

The prolonged assault on American and South Korean websites that began July 4 shows why President Obama declared cyber security a priority of his administration. But it also highlights that, so far, we don’t have a coherent national cyber defense.

The attacks this past weekend targeted a wide array of sites within the public and private sector, from the National Security Agency to NASDAQ to Washington Post Digital. But this is no isolated incident. Literally millions of attacks occur on U.S. systems every day. The past several years have seen a spike in online attacks on government agency sites -- from 5,503 in fiscal year 2006 to 16,843 in 2008. The private sector, too, is continually under attack, with 280 million sets of data compromised last year alone. What is noteworthy about the attacks of the past week is how organized and effective they were -- some sites, such as that of the Department of Transportation, experienced 24-hour outages.

The government is doing something. Currently, the Department of Homeland Security is responsible for securing dot-gov sites and the Department of Defense handles dot-mil, both of which were targeted in the recent assault. And Defense Secretary Gates announced last month the creation of a “cyber command” to handle the Defense Department’s side, to be helmed by the director of the National Security Agency.

But as our defense grows, we need to make sure that whatever system develops is one that respects privacy. Like real war, cyber warfare has a tendency to take civilian casualties, and as the battle wages on, any hard lines between public and private threats will be easy to blur. As happened this weekend, the same attackers can target public and private sites. Collaboration between government and private cyber defenders to anticipate and thwart attacks is key to a successful defense, but there must be a system in place to protect privacy and make certain that the sharing goes both ways -- for instance, an anonymous, secure database where businesses and government entities can share information about ongoing threats and responses.

President Obama can start by appointing a cyber czar who will ensure our cyber defense doesn’t fall into the cracks between government agencies. And as we deal with threats that tread the line between public and private, we need someone in place to ensure transparency and accountability, too, so that it won’t infringe on the privacy we seek to protect.

By Alexandra Petri  | July 8, 2009; 3:20 PM ET
Categories:  Petri  | Tags:  Alexandra Petri  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: What Not to Say in Moscow
Next: In Russia, Obama's Limited Reach

Comments

Cyber Security and personal privacy aren't actually incompatible, allowing for the fact that tracing the source of a cyber attack will certainly pass through lots of sites that might ordinarily think themselves private.

Certainly anyone attacking any site, government, civil, commercial, or private can hardly claim rights to hide from his pursuers, and any site he passes through may be as properly examined as any private yard a thief runs through as he flees his pursuers. Once you behave in a way that makes you a part of the public cyber universe, (which means, basically, once you insinuate your self into that universe) you surrender your privacy to anyone who can penetrate whatever fences or firewalls you thought you put up.

We would ALL be better off if the concept of "privacy" in E-space were simply rejected as nonexistent and unworkable.

Anyone who chooses to be a denizen of the E-verse ought to expect to give up his E-privacy, and the mere attempt to hide your true identity ought to be considered an antisocial act. Giving aid and comfort to the providers of spam, e-fraud, or malware in all its malicious forms, especially by trying to assist in their retaining their privacy, should cause one to be e-shunned.

The CB mentality of "I am anonymous and can do any thing I want, so I am going to regularly disrupt as many conversations as I can" is becoming all too common on the few blogs and columns I frequent, and by extension must be quite common on blogs and columns in general. That supposed or claimed anonymity, along with the demands for privacy, lead to that CB mentality threatening to make the internet more or less unusable in its present state.

Perhaps there will come a time when subscription only sites are the only place one may hold meaningful discussions without nearly impenetrable harassment by the KOZ's and Jake D's of this universe.

Somewhere in this age of interconnectivity we will have to build a legal theory of what antisocial behavior ought to be criminal and how it ought to be regulated. The army of people who oppose that because it might somehow restrict spontaneity may consider that making strong arm robbery illegal restricts the spontaneity of the thug who discovers he needs the money for a brew or two and decides to get it from the next poor schmoe he meets.

Posted by: ceflynline | July 8, 2009 5:29 PM | Report abuse

Agreed. But, the 1st Amendment, our most important Amendment, protects free speech. Unless the trolls threaten violence, one must simply agree to disagree. Slights in the workplace are legal. Slights at public places are legal. And, as you believe the Internet is wholly public, then slights and insults are too expected. Perhaps not enjoyed. The 1st Amendment breeds dissent, not compliance. And that is healthy for a discussion. Granted, the discourse is not going to be of a high level, but, is censorship better?

Posted by: mj777nnnntgggg1 | July 8, 2009 5:57 PM | Report abuse

We (U.S.A.) must have some people out there well versed and capable enough to put a stop to anything North Korea can try to do to us. Put a bounty on shutting down their authorized or unauthorized hacking capabilities. Give our underground hackers a "get out of jail free" card for their dismantling of the North Korea internet. Sure looks easy in the movies.

Posted by: jgh2 | July 8, 2009 6:45 PM | Report abuse

OBAMA SLOTH NEGLECTS CYBER SECURITY

too busy Socializing private enterprise.

Posted by: JaxMax | July 8, 2009 7:04 PM | Report abuse

Is THAT why I couldn't access AOL, The New York Times, Boston.com or The Wall Street Journal until after 1:00 this afternoon?

Posted by: nicekid | July 8, 2009 8:28 PM | Report abuse

"Granted, the discourse is not going to be of a high level, but, is censorship better? Posted by: mj777nnnntgggg1 "

I am not advocating censorship, I am advocating knowing just who the troll is who decides to insult me. The difference is that, where people know who you are, you might be more circumspect in your insults, or more literate. "Privacy", or Anonymity encourages some people to believe in truly anti social ways, why only God knows, but the CB radio bands became more or less unusable after a while due to jammers, interrupters, and other anti communications types who seemed to feel that any conversation that was proceeding normally HAD to be meddled with. That mentality is here in the cyber world in ugly force. If the WAPO had an option do block posters each individual felt like ignoring, (so I could block Jake D and on my blogs his interruptions wouldn't appear) I would certainly use it.

Freedom of speech, as currently understood in legal terms, (no yelling fire...) should be about absolute. Including unpopular ideas and even insulting language, BUT, the e society should discourage the less civilized in the universe to break all sharp edges and round all dangerous corners. One may question the reading capability and marital status of ones opponent and the propriety machine won't even falter. Call him an illiterate B and the red text appears post haste. You can't even call an unripe cheese round a B, even though it is, and get by with it.

Free speech I don't object to. Anonymous speech, and its anti social results, I have a problem with.

Posted by: ceflynline | July 8, 2009 10:51 PM | Report abuse

The post by JaxMax illustrates the type of stable droppings we must endure in order to potect the 1st Amendment.

The problem with Denial Of Service (DOS) attacks is that the front line attackers can be unknowingly recruited over months by botnet constructors. They can then be activated by a single command. A criminal group can build a botnet and then sell a one-time activation command to any country or group that wants to rent a digital gang of thugs.

Posted by: Dennis12 | July 8, 2009 11:56 PM | Report abuse

China quickly ended massive drug abuse by draconian measures, you're caught, you're killed. The world should do the same with malicious hackers, life imprisonment, no parole, and even government agents may think twice. We control the internet and can easily stop servers that come from places like N. Korea. Yes they can go outside to do their damage, but face life in jail if caught.

Posted by: jameschirico | July 9, 2009 5:48 AM | Report abuse

Oh wow...another Czar - imagine that !!! Soon we'll have more Czars than Russia ever had. Most likely in this Administration the left hand doesnt know what the right hand is doing. If they cannot even protect Government buildings , how are they going to protect us at all ? Oh I forgot...Barry likes to talk talk talk talk talk talk....

Posted by: JUNGLEJIM123 | July 9, 2009 6:27 AM | Report abuse

OBAMA SLOTH NEGLECTS CYBER SECURITY

too busy Socializing private enterprise.

Posted by: JaxMax


So what did your friend *ush do for 8 long years???

Shut yer trap fool, you have no f'in clue!!

Posted by: smtpgirl08 | July 9, 2009 2:13 PM | Report abuse

The post by JaxMax illustrates the type of stable droppings we must endure in order to potect the 1st Amendment.

The problem with Denial Of Service (DOS) attacks is that the front line attackers can be unknowingly recruited over months by botnet constructors. They can then be activated by a single command. A criminal group can build a botnet and then sell a one-time activation command to any country or group that wants to rent a digital gang of thugs.

Posted by: Dennis12


And Dennis12, I'll bet 10 donut dollars thatJaxMax's PC has been taken over by botnets, but that foolish gem has no friggin' clue!!

Cyber Security starts at home. What helps, current working anti-virus software, spyware/malware detection software, reducing internet browser cache, removing old temp files, turning off pc/laptop when finished.

But JaxMax probably does none of this.

Posted by: smtpgirl08 | July 9, 2009 2:16 PM | Report abuse

This is one area that does not need a Czar. It is too diverse and varied. In the early 1990's the NSA tried to impose "keys" on the internet. The idea backfired.

Granted the Pentegon, NSA,CIA have one set of needs. The White House, Congress and non-miltary departments are targets and have other. Linked efforts and sharing of information is hard work in D.C. but in the longer run is better than a one size fits all approach.

Posted by: Landknelson | July 10, 2009 6:18 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company