This is another excerpt from the book I'm writing on technology, terrorism, and my
time at DHS, tentatively titled "Skating on Stilts." (If you want to
read the excerpts in a more coherent fashion, try the categories on the
right labeled "Excerpts from the book." I'm afraid I can't fix the bug
in TypePad that prevents me from putting them in the category in
reverse-chronological order, but I have started putting chapters up in
pdf form from time to time.) Comments and factual quibbles
are welcome, either in the comments section or by email:
[email protected]. If you're dying to order the book, send
mail to the same address. I'm still looking for an agent and a
publisher, so feel free to make recommendations on that score too.
--Stewart Baker

No one can say we weren’t warned. The United States government told us all that a
computer security crisis was brewing. Twice, in fact, and under two different
Presidents.

President Clinton cautioned in January 1999 that “We must be ready--ready if our
adversaries try to use computers to disable power grids, banking,
communications and transportation networks, police, fire, and health
services--or military assets."

A year later President Clinton proposed a series of measures to address the
security problem.

Two years later, President George W. Bush created a special adviser on
cybersecurity who spent a year developing a computer security strategy.

Neither effort made much headway. The public didn’t see the problem. The network
attacks that alarmed Washington were classified. Officials couldn’t talk about
them. Meanwhile, privacy and business interests worked overtime to persuade the
public that national security concerns were overwrought. The real risk was
government monitoring and government regulation, they insisted.

And, by and large, that was the view that prevailed -- twice, and under two
Presidents. Nothing was done about computer security that anyone in the privacy
or business lobbies might object to.

In 2009, a third President promised to make computer security a top priority, and
shortly after taking office, the Obama administration also produced a security
strategy. Once again, though, the strategy lacked punch. It failed to call for any action that could
possibly irritate business or privacy groups. It spoke of cybersecurity only in
alarmed generalities, unable to explain why Americans should be concerned
enough to suffer even modest inconvenience.

But this time may be different. Thanks to the work of a band of Canadian security
researchers, we now have a remarkable -- and completely unclassified -- insight
into just how easily computer hackers can penetrate even carefully secured
computer networks.