The State of Cyberspace Security
By: Congressman Lamar Smith
Cyber crime takes many forms, such as child pornography, piracy, fraud, computer security breaches and extortion. It has the potential use for both attacks and effective defenses.
Before September 11, 2001, our national security strategies involved troop levels, conventional weaponry, physical headquarters and a military chain-of-command.
But wars in the Information Age will be fought - and won - by cyber-space soldiers who do not require a rifle, grenade or Kevlar helmet.
Changing times mean changing crimes. The mouse and keypad have the potential to be just as lethal as the bomb and bullet.
The cyber attack threat and our efforts to prevent and reduce it carry a tremendous sense of urgency. Computer networks are increasingly susceptible to hackers, intruders and other cyber criminals. These attacks are becoming more frequent and more severe. Today, 51% originate in the United States, which far outpaces the rest of the world. And what makes them so alarming is that we do not know if the attacker is a teenager in Texas or an al Qaeda operative in Iraq at the time of an attack.
These criminals are very sophisticated in detecting flaws in software. Many organizations can have their new security networks debilitated as soon as they go online.
According to a recent survey, 64% of new attacks have targeted systems less than a year old.
In a cyber war, terrorists have the capability to hijack not just airplanes, but airports. They can hold hostage not just a few individuals, but millions. And they might manipulate the electronic infrastructures of major cities and even countries.
Today, terrorist groups are determined to disrupt our communications to increase the death toll as well as the psychological impact it would have on Americans who suddenly could not speak to one another.
It is not an exaggeration to describe this nightmare scenario as an electronic Pearl Harbor.
The Homeland Security Committee, of which I am a senior member, is working to pass its first ever authorization legislation that improves the operations of the Department of Homeland Security. We officially define "cyber security" as the "prevention of damage to and the protection of . . . electronic communications systems . . . to ensure its availability, integrity, authentication, and confidentiality."
The legislation also elevates the cyber security mission in the Homeland Security Department to Assistant Secretary status. A new Assistant Secretary will have the ability to coordinate cyber security threats with critical infrastructure elements.
While the private sector, Congress, and the Bush administration are prepared for a cyber attack on a massive scale, we should understand that almost every cyber security defense can be penetrated. The challenge is how we manage these breaches.
When I chaired the Judiciary Subcommittee on Crime, Terrorism and Homeland Security, we approved cyber security legislation that is now a part of the Homeland Security Act. While the penalties and measures in the Act are strong, we should always be aware of the reality that people who intentionally crash airplanes into buildings don't care about those penalties. They are not a deterrent.
It comes down to our ability and our determination to prevent or reduce a crippling cyber attack. The key element is communication. We must know what to do and who to communicate with so the damage is confined to only the opening stages.