Wednesday, February 19, 2014

White House Bunts on Critical Infrastructure Cyber Protection

By Jim McFarlin 

The United States is engaged in a non-stop global cyber conflict. Others across the globe have declared war on America – but we have not declared war on them. America is playing defense, and when it comes to cyber conflict, that’s a losing strategy.

It’s apparent that America is losing. Cyberattacks against the U.S. have risen tenfold since 2006, and China is conducting all-out cyber espionage on our military plans and weapons designs.

Meanwhile, Islamic extremists have vowed to destroy America by whatever means it takes. Extremist groups have lacked strong cyberattack capabilities but have been clear about their plans and intentions.

What does this mean for the country?

For the United States, our stakes are high. High enough, in fact, to warrant a massive effort to protect and preserve our national infrastructures, especially our power grid. Such a plan designed around the Manhattan Project that produced nuclear fission was outlined here on December 6.

Instead, the White House released its latest contribution to our national security on February 12: its “cybersecurity framework,” which is essentially a best practices manual for organizations to protect themselves against cyberattacks.

It might sound good on the surface, but let’s look under the covers: the proposed framework is entirely voluntary; defines bare minimums of defenses, many of which most organizations have already met; is without incentives for adoption; avoids specific requirements; and establishes no facilities for compliance reporting or feedback.

While administration officials call this framework a “major milestone,” others see a token effort, a checkmark on a presidential “To Do” list:
  • As reported in the Wall Street Journal, Alan Paller, Director of Research for SANS Institute, a major cybersecurity research organization, stated that the administration “wasted a year developing voluntary guidelines that will have little impact.”
  • The Washington Post quotes James Lewis, a cybersecurity scholar at the Center for Strategic and International Studies, as observing, “The framework is about as regulatory as a phone book.”
Congress does not have clean hands here, either. Legislation defining cybersecurity requirements for critical infrastructure organizations failed in the Senate after years of fierce opposition lobbying by the affected industries. Larry Clinton, President of the Internet Security Alliance, which represents firms such as General Electric and Verizon Communications, stated, “We’re only going to get secure if it’s...supported by some sort of economic incentive.”

America’s leaders will waste billions on electric car companies, battery makers and solar power companies that go bankrupt but will spend not a penny to protect our nation’s lifeline: our power grid.

Where’s the sense in that?

It’s bad enough that time was wasted on a meaningless plan. What’s worse is that this is yet one more signal to those who would attack our national infrastructures that America is not serious about building protection against crippling cyberattacks.

The message to our enemies is clear:

Fire at will.

("High Voltage Towers" image: a454/

No comments:

Post a Comment