Nov 03 2011

A New Kind of War Emerges in Cyberspace

The Internet makes it possible for hackers to do things that weren't dreamed of 50 years ago.

The Cold War of yesteryear may be over, but a different version has emerged in the hotly contested world of cyberspace.

In this new domain, traditional Cold War deterrence models do not apply. To stay ahead of a wide range of adversaries, the United States must constantly adjust and improve its defenses. What's more, the nation needs a steady supply of cyberheroes to enhance our national and economic security.

Like the Cold War of the 1960s and 1970s, the cold war of the 21st century is marked by espionage and a technology race. But in today's world, both exist in cyberspace. In the 1960s, governments spied on each other; in the cyberworld, the targets include government, industry, academia and individuals.

The Internet makes it possible for industry and individuals to do things remotely that weren't dreamed of 50 years ago; it also allows our adversaries access to our secrets from safe havens across the ocean, making us tantalizing targets. The missile has been replaced by the notebook computer, which can wreak havoc on our critical infrastructure.

Bits generated by a notebook are much harder to track than a missile, so attribution is a much more difficult task today. The tools include access to a computer, some code that can be downloaded and a connection to the Internet — all of which are available to nearly every person in the world.

A Serious Threat

So how do we address this threat? Recognizing it is a good start. Today, many companies and government organizations that take intrusion seriously are still being penetrated. Defense is hard: You have to ensure that there are no holes anywhere, because the

adversary needs to find only one. An individual can't really ensure security unless he or she unplugs the computer.

The fact that we are so interconnected means that whenever one person in the enterprise makes a risk management decision, that risk is shared with many others who aren't even aware of it. People are themselves the weak link in the security chain.

It's clear that this is not a problem that government can solve alone; nor can industry. Government, industry and academia must work together. Technology is constantly improving, and yet thousands of new pieces of malware are created every day. Signatures were a great approach 10 years ago; but today, signature writers are in a losing race with malware writers.

That means we need more than signatures. We need automated tools so the system is aware that some code is asking it to do something dangerous, so it can then stop the action. We also must remove the burden from the individual and place it with the cyberwarrior — a professional — to protect the country.

To that end, federal, state and local government agencies, along with other organizations, have partnered to tackle these challenges. National cybersecurity strategies have been implemented. More information is being shared. And the U.S. government's research and development institutions have turned their attention to cybersecurity.

Change the Culture

Today, millions of people own computers, but few understand basic security practices. To protect against the threats we are facing, cybersecurity needs to become a part of our culture and education. Our schools need to incorporate cybersecurity into their curricula and increase awareness of the cyberthreat. As a nation, we need to strengthen students' math and science skills and make those areas more desirable career paths for young people.

We can engender the same kind of national duty to pursue cyber-related careers as we do for military service. In the 1960s, the term "rocket science" was perceived as a pinnacle of education. Today we need cyberwarriors. That's the challenge this country faces and that future generations must meet.

<p>Photo: Drake Sorey</p>