excerpt from the book I'm writing on technology, terrorism, and
time at DHS, tentatively titled "Skating on Stilts." (If you want to
read the excerpts in a more coherent fashion, try the categories on the
right labeled "Excerpts from the book." I'm afraid I can't fix the bug
in TypePad that prevents me from putting them in the category in
reverse-chronological order, but I have started putting chapters up in
pdf form from time to time.) Comments and factual quibbles
are welcome, either in the comments section or by email:
email@example.com. If you're dying to order the book, send
mail to the same address. I'm still looking for an agent and a
publisher, so feel free to make recommendations on that score too.
No one can say we weren’t warned. The United States government told us all that a computer security crisis was brewing. Twice, in fact, and under two different Presidents.
President Clinton cautioned in January 1999 that “We must be ready--ready if our adversaries try to use computers to disable power grids, banking, communications and transportation networks, police, fire, and health services--or military assets."
A year later President Clinton proposed a series of measures to address the security problem.
Two years later, President George W. Bush created a special adviser on cybersecurity who spent a year developing a computer security strategy.
Neither effort made much headway. The public didn’t see the problem. The network attacks that alarmed Washington were classified. Officials couldn’t talk about them. Meanwhile, privacy and business interests worked overtime to persuade the public that national security concerns were overwrought. The real risk was government monitoring and government regulation, they insisted.
And, by and large, that was the view that prevailed -- twice, and under two Presidents. Nothing was done about computer security that anyone in the privacy or business lobbies might object to.
In 2009, a third President promised to make computer security a top priority, and shortly after taking office, the Obama administration also produced a security strategy. Once again, though, the strategy lacked punch. It failed to call for any action that could possibly irritate business or privacy groups. It spoke of cybersecurity only in alarmed generalities, unable to explain why Americans should be concerned enough to suffer even modest inconvenience.
But this time may be different. Thanks to the work of a band of Canadian security researchers , we now have a remarkable – and completely unclassified -- insight into just how easily computer hackers can penetrate even carefully secured computer networks.