A Profound Moment in Cybersecurity

Richard Power looks at the big picture and how security must move forward

The moment is a profound one.

A new administration is in the process of taking over the reins of the vast realm of the U.S. federal government. The nation is confronted with serious threats both global and domestic: economic and financial crisis, terrorism, nuclear proliferation, organized crime, climate change and even potential pandemics.

And then there is ever-broader scope of cyber-related risks and threats, significant on its own, and exponentially significant when interwoven with all of the others, as it is well on its way to becoming.

What direction will this new administration take?

Will it show it has learned the lessons of the last decade?

Will it lead? And if it leads will it take the country in the right direction?

These questions of leadership, of course, are predicated on another question, a much more disturbing one, i.e., even if it decides to lead in a meaningful and substantive way, and even if it chooses the right direction to go, will anyone in the commercial sector or even the public sector really follow, in any reciprocally meaningful and substantive way?

Recently, at the height of the 2009 RSA Conference in San Francisco, I found myself ensconced on the second floor of the XYZ Lounge of the W Hotel, across the street from the Moscone Center, attempting to escape these daunting ruminations by engaging young German executive and his happy client talking about the problem of spam.

Talking with Gerhard Eschelbeck, CTO of Webroot (www.webroot.com), and Michael Skaff, CIO of San Francisco Symphony, I could put the following two blockbuster stories, and their implications, out of my mind for the better part of an hour:

"Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war." Siobhan Gorman, Wall Street Journal, 4-8-09

"Nearly 1,300 computers in more than 100 countries have been attacked and have become part of a computer espionage network apparently based in China, security experts alleged in two reports Sunday. The network was discovered after computers at the Dalai Lama's office were hacked, researchers say. Computers -- including machines at NATO, governments and embassies -- are infected with software that lets attackers gain complete control of them, according to the reports. Reports: Cyberspy network targets governments, CNN, 3-29-09

Show Comments