Democratic presidential candidate Barack Obama spoke out on the 21st century threats facing the United States. In his speech he said these threats “have gone ignored.” He stated that “It’s time to update our national security strategy to stay one step ahead of the terrorists — to see clearly the emerging threats of our young century.” To put these threats in context he said he would focus on “nuclear, biological, and cyber threats — three 21st century threats that have been neglected for the last eight years.” Placing cyber threats in the same category as nuclear and biological weapons clearly acknowledges how horrific a cyber attack could be and the threat they pose to the nation.
What’s at stake? — In one case a cyber attack on one company that lasted only a few hours had direct costs of approximately $11 million, the indirect costs were estimated at over $400 million. Imagine the dollars if the attack impacted the entire Internet as it did in Estonia in 2007!
In his speech he acknowledged how dependent we are on the Internet. He said, “Every American depends — directly or indirectly— on our system of information networks.” In addition, he stated that “The United States needs to prevent terrorists or spies from hacking into our national security networks.” This topic has received a significant amount of press lately. He went on to recognize that terrorists using computers could deliver what he called a “crippling blow” to the nation’s networks that would harm our economy as well as compromise our national security. He went on to specifically identify the need for “new standards for the cyber security that protects our most important infrastructure — from electrical grids to sewage systems; from air traffic control to our markets.”
While the words are right, you have to wonder if anyone could accomplish this task given the current state of affairs and such a diverse group of stakeholders who are needed to address the complex issue of cyber security. So what would he do if elected? One of the actions he said he would take was to “bring together government, industry, and academia to determine the best ways to guard the infrastructure that supports our power.” Talk about competing agendas and interests. This group would be highly representative of those characteristics. He went on to say that “We need to build the capacity to identify, isolate, and respond to any cyber-attack.” If you combine the defensive measures he spoke about plus the offensive capabilities I just stated you would have a truly robust program that is badly needed today. But, is there time for political rhetoric — NO. Action must be taken now. An unprotected computer is a cyber weapon waiting to be loaded and used by criminals, terrorists or rogue nation states! Minimum standards need to be set and enforced for security testing of software and systems as well as a required minimal level of protection for every computer or device that can be connected to a network.
Over the past few years, dozens of international officials, military leaders and security experts have brought to light the risks of cyber attacks. Their message plus cyber attacks on Estonia, Lithuania, New Zealand, Germany, the United States and other are more than enough evidence of the urgency for our response. Given all that’s at stake, it is high time our nation’s leaders give cyber security the attention the threat now demands. It is true a partnership between business, government, industry and academia is needed to address this complex issue. It is also true that time is not on our side. We are in immediate danger of cyber attack with cyber skirmishes occurring every minute of every day. Cyber spies are snooping, cyber armies are massing, cyber criminals seem to act at will at the same time as terrorist groups issue press releases about their newly formed “cyber jihad” units. We must act decisively now! The clock is ticking and there is no time for politics. The best advice I can give came to my from an interview I did with Colonel Meelis Kiili, Defense, Military, Air and Naval Attaché assigned to the Embassy of Estonia who when asked what advice would you give leaders around the world about cyber attacks he said, “Don’t learn the hard way!”