In the mid-90s, as the chief strategist at Netscape, I worked with hundreds of industry thought leaders in dozens of companies to rapidly position them to gain their unfair share of the massive set of opportunities created by the Internet.
Today, the visions partially created and enabled by Netscape have mostly become reality and eCommerce, eProcurement, eBilling and customer self help have all become common place. The Internet is now a critical part of our daily lives of all those in business, government and education. Our nation’s dependence on the Internet and computers make us extremely vulnerable to cyber attacks by rogue nation states, terrorist groups, organized crime and others.
In the rush to enable organization of all sizes and across every industry, little did any of us realize how fast the Internet would evolve to become a weapon. The United States and the world is unprepared for the disruption that will occur if a substantial cyber attack is launched against the information infrastructure that powers the global economy.
This is not just my opinion – it is the opinion of other high-profile experts in the military, intelligence and private sector. Efforts to fortify the information infrastructure used by the general public and businesses around the world are minimal at best. In this tough economic environment, convincing businesses to invest in security measures to protect corporate computers and networks for something that really has not happened and they believe only “might” happen is next to impossible. That is evidenced by the fact that 70 percent of small and medium sized enterprises will move into 2009 with computers and networks at risk.
Once President Elect Obama takes office one of the first things he will do is to implement his plan to revive the economy of the United States. He has spoken of making investment in our nation’s physical infrastructure (bridges, roads etc…), but he must also address our nation’s information infrastructure (wired and wireless).
This is where he can get a two-for-one.
Our nation’s adversaries have increasingly turned to cyber attacks and cyber espionage as a means to inflict harm. The President-elect’s economic stimulus package should include fortification of existing infrastructure as well as building security into the new information infrastructure.
The following are the top areas where investment is needed to guard against cyber attacks:
Research and development funding for security software development practices with automated security testing capabilities;
Develop and deliver a broad spectrum of security training for everyone – end users, security professionals, software developers, call center staff and others;
Develop the ability to quickly block or isolate our nation’s information backbone for external cyber attackers;
Create regulation that holds the computer and network owners accountable and mandate every computer connected to the Internet be updated with the latest patches and protective security software;
Define minimum security standards for businesses and organizations that serve to protect our nation’s intellectual property.
The current perimeter defense mindset designed to ward off would-be penetrators must give way to a mandated, proactive approach that protects information against ex-filtration.
Addressing the information infrastructure and cyber security as part of the economic stimulus package is a strategic imperative for the new administration.
The administration must work with the international community to create comprehensive legislation around cyber crime, cyber attacks and even cyber warfare. In addition, they must aggressively investigate and prosecute to the fullest extent of international law those who reach out across the globe and attack computers and networks. Failure for the Obama administration to rapidly address this threat can and will have disastrous consequences on our nation with consequences that will spread at the speed of light around the globe.
TMC (News - Alert) announces NGN – the new magazine for service providers building tomorrow's communications networks. Subscribe free today.
Kevin G. Coleman, a consultant and advisor with Technolytics Institute, writes the Data Security column for TMCnet. To read more of Kevin�s articles, please visit his columnist page.
Edited by Michael Dinan
