Sophisticated computer hackers are as big a threat to the United States as weapons of mass destruction and global jihad, argues a new report on cybersecurity. The report, which was produced by the Center for Strategic and International Studies, a Washington think tank, contains recommendations for the incoming Obama administration, and issues a dire assessment of the government’s current efforts to prevent cyberattacks. “America’s failure to protect cyberspace is one of the most urgent national security problems facing the new administration that will take office in January 2009,” the report states. Cyber safety is “a battle fought mainly in the shadows. It is a battle we are losing” [DailyTech].
The federal government has been embarrassed in recent years by intrusions into the computer networks of many different agencies, including the Defense, State, Homeland Security, and Commerce departments, the National Aeronautics and Space Administration (NASA), and the National Defense University. An investigation last year by The Washington Post showed that multiple compromises of unclassified computer systems for the Transportation Security Administration and DHS headquarters went unnoticed for months in 2006 because the agency failed to effectively monitor its own networks [Washington Post]. In some cases the breaches have been linked to Chinese computer servers, indicating a possible convergence between hacking and espionage.
The report suggests creating a new White House department to lead government efforts on cybersecurity, and largely dismisses the work done by the Department of Homeland Security. “We still have an industrial-age government that was organized a century ago,” Jim Lewis, the center’s director, said in an interview in September. “The DHS has a 1970s-style solution to a 21st century problem.” … Lewis said in the same interview that although the department has made some progress on cybersecurity, the government would still in some cases have to call a committee meeting if it suffered a cyberattack because so many different agencies have jurisdiction over the problem [San Francisco Chronicle].
Other recommendations include a suggestion that the federal government end its reliance on passwords and enforce what the industry describes as “strong authentication.” Such an approach would probably mean that all government computer users would have to hold a device to gain access to a network computer or online service [The New York Times]. In one controversial proposal, the report suggests revising wiretap laws to make it easier for law enforcement to obtain the data warrants that allow online information to be monitored and collected; the report says that traditional search warrants are “increasingly impractical in the online environment” [Washington Post].
80beats: Computer Virus Travels Into Orbit, Lands on the Space Station
80beats: Russian Invasion Included the First Real Use of “Cyber Warfare”