One of the clear signs that Washington, D.C., exists in an alternate reality appears pretty much every time you turn on the radio. Nowhere else do you hear commercials for airborne tankers, homeland security consultancies or relief from cyber-terrorism. Some of these commercials are clearly aimed at members of Congress or procurement officers in the Department of Defense. Let's face it, even those of us who drive SUVs aren't likely to need in-flight refueling on a routine basis.
But the cyber-terrorism commercials heard every few minutes at many of the radio stations in Washington look beyond just getting the federal government to shell out a few gazillion dollars in computer security contracts. The companies sponsoring these commercials, including Verizon and Northrop Grumman, are making it clear that the threat of cyber terrorism goes well beyond the government, or even government contractors. The threat, they claim, is aimed at you.
And, at the risk of sounding overly dramatic, they're probably right. The point that these companies make is that there are people who will try to weaken the data infrastructure of the U.S. and its allies and partners at nearly any point. The goal isn't so much to steal secrets from the CIA as it is to degrade the smooth operation of the economy, business transactions, even e-mail. It's like putting a little fine sand into the gears of a transmission. It won't stop it from working immediately, but it will impair its operation, and eventually will bring it to a stop.
The goal of much of the malware that attacks businesses in the U.S. and around the world isn't really intended to steal anything significant. Yes, it's possible that a few account numbers or passwords might be harvested, but the real goal for the malware being sent out by other nations is more to corrode our daily lives than it is to steal anything. The idea is for things to take longer, be less efficient and to be less trusted. Ask yourself, would you depend on doing business by e-mail if you knew that there was a 10 percent chance the e-mail wouldn't arrive?
To some extent, these efforts are currently lost in the noise of all the criminal malware that's chocking servers everywhere. Botnet operators are flooding the Internet with traffic from machines they've taken over, all of them busily spreading themselves so they can find a home to settle in and attack more computers. Then they're rented out to perform whatever activity the renter has in mind, from sending out spam to phishing scams or Trojan horses.
But deep within all that traffic is the real threat. Countries like China are quietly testing their cyber warfare systems with the idea that if necessary, they can disrupt business in the West just enough to gain some advantage. And they're not alone. Countries like the U.S. are doing the same thing to China and others.
Right now, all of this is lost in the noise. You'll never see the tentative attacks on your infrastructure among the mass of junk from the botnets, spammers and malware producers. But that doesn't mean you shouldn't protect yourself from them. What this means is that you really do need to spend some money on security-something that's been neglected during the current recession. You need to make sure your defenses are just as strong at your company as they are at a government contractor somewhere. And you need to insist that the same is true with your business partners.
After all, it makes no sense to harden your own defenses, buy the best firewalls and hire the best people, if you have a gateway to a supplier that doesn't have that. The bad guys will just go through your weaker partner and get to you anyway.