It was with more of a sense of resignation than shock that we read this Network World report on a cyberdefense hearing held last week by the House Subcommittee on Emerging Threats, Cybersecurity and Science and Technology. The bottom line is that the our nation is at risk of cyberattacks that could cause major -- even catastrophic -- disruptions.
Haven't we read this story before? It seems so familiar: Our defenses are weak, nobody seems to be paying enough attention, investigators are shocked -- shocked! -- and everyone agrees that we've only avoided a major problem due to dumb luck.
Despite some rays of sunshine, such as a somewhat upbeat report from the Information Technology Association of America, many folks are frustrated that few people seem to be doing much except testifying in front of Congress about the dire straits we are in.
Perhaps the past half-decade has been so tense and what's at stake so great that people are inured to the dangers. The one positive note -- if it can be called that -- was offered by the Burton Group's Jamie Lewis. Lewis agreed that we are in danger, but said that the nation's cyber infrastructure is so vast that it would be difficult to mount an attack capable of bringing down the entire network.
The sense of business as usual despite the high stakes is a subtext of this Federal Computer Week story, which details the dissatisfaction that Representative James Langevin (D-R.I.) expressed at an April 19 hearing concerning reactions to hacking incidents that occurred in May and July of last year.
The earlier incident involved a malicious e-mail that set up a back door into a State Department PC. In July, an intrusion into a Commerce Department network was discovered. Toward the end of the story, the director of information security issues for the Government Accountability Office is quoted as saying that State doesn't have a "complete inventory of its cyber assets" and that dangerous unknown connections between classified and unclassified networks could exist.
It's true that hearings centering on a particular topic are likely to be packed with horror stories. Even adjusting for this, the state of federal cyber security is frightening. What remains to be seen is if the Congressional overseers will remain satisfied with depressing hearings or finally will demand that the situation be addressed.