WASHINGTON — Every day, as people find new ways to use cyberspace to improve their lives, make social connections and do business, they also are creating opportunities for exploitation and victimization. Yet even as the threats grow, the federal government continues to face challenges fighting cyber crime — meaning that all of us are at risk, all the time.
The threats are real. They range from the relatively minor — a savvy cybercriminal steals one persons identity and drains his or her bank account; to the major — a ring of organized hackers steals thousands of online credit card numbers; to the disastrous — cyber terrorists based overseas attack the Pentagon, a chemical manufacturing plant or the codes for a major city's electrical grid.
It's a wild cyber world out there, and it's getting wilder every day.
The good news is that the government has recognized the threat, and a year ago a new cybersecurity coordinator position was created in the White House. The challenge is that the job is enormous in scope and responsibility.
Now that Howard Schmidt has come on board for that position, however, he has an opportunity to bring the federal government and our nation into the 21st Century.
Schmidt has a lot on his plate. Among many responsibilities, he's expected to drive efforts across government to ensure that critical infrastructure and cyber assets are protected. He's expected to report quickly on what went wrong when cyber defenses are compromised, and he's expected to tell us who's to blame when a bad actor (foreign or domestic) tries to penetrate or disable government sites. Each one is a herculean job in and of itself.
Recently, we participated in the Worldwide Cybersecurity Summit in Dallas, organized by the East West Institute (EWI), to help the global community figure out the best way forward. Howard Schmidt was there representing the White House. Considerations for Mr. Schmidt and his team as these efforts move ahead:
- Drive presidential action. Help President Obama to use every tool in his arsenal to raise awareness and make it clear that cybersecurity is a national priority. Then compel his cabinet and the Congress to follow his lead.
- Collaborate. Encourage public-private partnerships that tap the expertise of the business world and the international community. Collaboration across borders, across government organizations and across industry will be essential.
- Never sleep. Cyber criminals, hackers and terrorists aren't dumb. They'll make moves on weekends, after hours and holidays. A 24/7/365 kind of devotion will be needed from the team of officials in charge of protecting our critical cyber infrastructure. The volume of work and coordination that's necessary to ensure that our defenses are as secure as possible is enough to fill days on end. It's a serious job, and anyone with less than a full-time commitment need not apply.
How do we even know where to begin to address this problem? We can start here at home with federal policies, but we can't ignore the global community or the private sector while we do so. We learned that repeatedly at the EWI Worldwide Cybersecurity Summit in Dallas.
A practical place to start is with internet domain names. The .mil domain is protected by the Department of Defense, and the .gov and .com domains are overseen by the Department of Homeland Security. But .edu, .net, and other domains are without a federal agency designate — and .edu sites are often the unlocked door for hackers and criminals due to lax security measures on many campuses, and the high number of students engaged in downloading, Internet surfing and social networking. Universities also are often connected to industry and government research and development activities that provide easier opportunities for outside intruders to gain access to their targets.
What's more, there's nothing to ensure that what's working in one domain is being shared with those responsible for the others. Now multiply that across dozens of cabinet-level agencies and congressional committees with some responsibility, jurisdiction or oversight over the issue. Then add the fact that more than 80 percent of the cyber infrastructure is controlled by the private sector. Finally, consider the global scale of the issue and realize that the international community generally hasn't collaborated on cybersecurity issues or come to any agreements on how to address them. You get the picture.
Those in the private sector must commit to doing their part, and we must do all we can to help the government do its part. There's simply too much at stake not to collaborate on this issue, and fast.
There are many talented, dedicated officials in government and the private sector who see the threat clearly and are actively finding answers. President Barack Obama is paying attention, and a genuine willingness to work together across borders is growing: That was evident in Dallas, where senior government and industry members represented the Cyber 40 nations.
Let's hope that these steps forward continue, and that our upcoming collaboration with the global community on these issues helps speed things along.
ABOUT THE WRITERS Lt. Gen. Harry Raduege USAF (Ret) is a former director of the Defense Information Systems Agency and currently is the chairman of the Deloitte Center for Cyber Innovation. Former Congressman Tom Davis (R-VA) is director, federal government services for Deloitte.