How Should Critical Infrastructure Be Protected?

Carl Weinschenk
Slide Show

Nine Steps to Securing Your Wireless Network

Steps you can take to protect your wireless network.

Lolita Baldor, the Associated Press writer of this piece, did the right thing in leading off with the most dramatic element. That's sound journalistic writing and a good thing, since it makes it a bit more likely that people read a story on a very important topic.

 

The report deals with possible ways to keep the nation's critical infrastructure safe from cyber threats. The first few paragraphs focus on the idea of establishing a super-safe alternative Internet for use by critical infrastructure elements. The concept was floated by Shawn Henry, the executive assistant director of the FBI, at a conference held by the Internal Systems Security Association and, Baldor wrote, elaborated upon in an AP interview (for which no link is provided).

 

A separate and highly secure Internet for critical elements is one of those ideas that is far more appealing before it is carefully thought about. Two minor problems right off the bat: Who pays for it? Who gets to use it? For instance, does the NASDAQ - which has been infiltrated - qualify? After all, they are a major element of the world's financial infrastructure. How about the big banks? The list of participants could grow quite lengthy and, logically, the more the merrier - for the bad guys.

 


Those are not the main problems, however. The real problem is with the concept of "super secure." If there is one lesson to be learned about the cyber wars of the Internet age, it is that the bad guys are just as smart, as well financed and often more motivated, than the good guys.

 

Until a few years ago, the dark side was less structured. It was dominated by folks - mostly kids - trying to prove personal or political points or just showing off. It has evolved, however, to a high-stakes battle that pits other nations and organized crime against us. It is hubristic to assume that a super-secure Internet on day one would remain that way on day two.

 

Just how scary this all is should be amply shown by the actions of Anonymous, the shadowy group that can best be described as online vigilantes. This piece at PC Magazine details a government report that claims Anonymous isn't sophisticated enough to take down critical infrastructure. Three questions: Who knows if that is true? Who knows if the group would cause such problems even if it is capable? And, finally, even if it isn't sophisticated enough today, how long will it be before it acquires the necessary expertise? The bottom line is that the very fact that the conversation is being held suggests how serious things are and how difficult it is to deal with absolute statements.

 

The fact that starting from scratch isn't the way to go doesn't lessen the problem or reduce the urgency of addressing it. The rest of the AP piece describes some of the less dramatic approaches to the problem, which can be described as a crisis without exaggeration. That, and not building a new network, is where the focus should be.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.