05.29.09

Same Old Story: Improve Cybersecurity

Posted in Cyberterrorism, War On Terror at 10:52 am by George Smith

“President Obama announced a sweeping new initiative to beef up the nation’s defenses against attacks on the nation’s increasingly important computer networks, including a plan to put a cyber-security chief in the White House,” reported USA Today, along with many others.

“Cyber-space is real and so are the risks that come with it,” President Obama told the nation.

It was familiar.

Over the past decade, a great many US government officials have uttered similarly pleasing sounds. Obama administration officials and advisors are no different. For an earful and eyeful from the current line-up, view the Whitehouse’s entirely unremarkable video on the subject.

“The national dialogue on cybersecurity must begin today,” states the Obama administration’s recent cyberspace policy review.

“People cannot value security without first understanding how much is at risk. Therefore the Federal government should initiate a national public awareness and education campaign informed by previous successful campaigns.”

These are statements which sound good, but only superficially. Instead, they tend to really insult the intelligence of anyone who has followed US government campaigns to educate the public over risks from cyberspace in the past eight years.

Fundamentally, the US government’s ‘education’ on the issue has always boiled down to employing a small army of officials, as well as experts from the private sector, to convey dire messages: The country is so dependent on the networks, it can be turned off like a switch by a variety of enemies who choose to attack through cyberspace. The enemies can be nations we don’t like, teenagers, disgruntled insiders, organized crime, or just crazy people.

The famous meme on turning the country off like a floor lamp was originally called “electronic Pearl Harbor,” later modified to “digital Pearl Harbor.” An authoritative collection of government outreach educational statements on the threat from cyberspace in the press, collected from 1994-2000, can be read here.

A more recent sighting of government officials, often anonymously, educating the public on the dangers of not defending the nation’s infrastructure in cyberspace is here — on cyberspies from China said to be installing software boobytraps in important systems. And a critical summary of ten common red-herrings used to ‘educate’ the public on the issue over the past could years is here in “10 easy steps to writing the scariest cyberwarfare article ever.”

“I’ve written on computer security hysteria for twenty years and I can tell you this: the U.S. federal bureaucracy has never produced a good economic figure for computer security damages,” wrote one of this author’s colleagues, Rob Rosenberger on his Vmyths computer security and opinion site, in February. “It’s all about hype, not accuracy.”

Rosenberger was addressing the claims of various government officials on the scope of damage the country was thought to be suffering from cyberattacks. He was comparing the statements from Dennis Blair, the Director of National Intelligence, on the threat of cybercrime in 2009, with those from Richard Clarke, the country’s cybersecurity czar in 2002.

“Okay, so now along comes Barack Obama with his ‘open’ government,” continues Rosenberger. “[Dennis Blair] all but admits the entire U.S. intelligence community lacks data concerning one of the five most important threats America now faces … [it] can do nothing more than quote wild dollar values spouted by two companies — one of them not even involved in economic assessments.”

The problem is not that there hasn’t been a discussion with the American public on cybersecurity. There has. And it’s been entirely monochromatic, larded with scenarios, claims and frightful rumors meant to incite action, and allied with experts chosen from companies in the private sector who always stand to gain richly from further spending on cybersecurity. Danger, danger! We’re losing billions of dollars a year! China or someone other nation will turn off the water and power!

Empirically, this manner of nonsense — which has been shoveled for years — has been a turn-off, the exact opposite of what the Obama administration wants. Many people when confronted with stories about lurking cyber disasters, ignore them. They already have too much experience with removing, or getting someone else to remove, spyware and viruses from their home computer. And while they are probably aware that malicious knocks on the firewall running on their Internet-connected PCs occur every few minutes, they are somewhat less concerned about menaces said to be threatening the day-to-day economic health and safety of the nation.

So when Barack Obama reverts to citing figures on dollar losses due to cyberspace, these repeat a general practice of fudging. And when he stated today that in other countries, “cyberattacks have plunged entire cities into darkness,” he is repeating unconfirmed rumors.

It is not the best start.


At Sitrep.

Follow-up: News article at Popular Science.

Comments are closed.