The idea of some geeky computer savant taking over virtual systems vital to the nation has long been a part of the public psyche (possibly even before Matthew Broderick did it in the 1980s movie WarGames). As our dependence on computers has grown, so have the odds that we could experience cyber-disruption of everything from our finances to air travel to electricity—and little has been done to keep that from happening.
Last week, however, the White House announced long-overdue legislation aimed at protecting the nation’s computer systems, followed by a call Monday for the rest of the world to do the same.
The domestic plan would put the Department of Homeland Security in charge of making sure private-sector businesses that control vital national security or economic systems provide a security plan for their computers and have it audited by a third party. Provisions for protecting private consumer information and for fully indentifying cybercrimes and their penalties are also included. The global strategy calls for countries to create similar international policies and work together to enforce them.
“The effort to build trust in the cyberspace realm is one which should be pushed in capitals around the world,” Commerce Secretary Gary Locke told the New York Times.
But there’s some question as to whether the plans have the teeth necessary to stop cybercrimes.
“It's a very big idea but sorely lacking on details and implementation,” David Koretz, CEO of cybersecurity software maker Mykonos, told the Huffington Post. “It’s light on details and has the same vagueness that comes with something that’s never going to happen in real life.”
Others agree that the strategies—which must consider issues of privacy and civil rights, business interests, sovereignty, and Internet freedom—are more of a plan to plan than an roadmap for effecting change. Among the issues cyber gurus foresee are countries that fail to come aboard becoming safe havens for crime, information sharing problems, and a lack of anything like enforcement.
“We need stronger legal incentives for good cybersecurity,” Fred Cate, director of the Center for Applied Security Research at the University of Indiana, told the Huffington Post. “The plan really doesn’t go in any direction towards doing that.”
While that may be true, policymakers say the latest cybersecurity efforts, which began two years ago with the president’s Cyberspace Policy Review, are meant to start untying a very tangled knot of conflicting interests. There’s plenty of talking left to do, according to White House Cybersecurity Coordinator Howard Schmidt.
“This is just the beginning of a conversation within governments, between governments, the private sector and beyond,” he said.
Jolie Breeden is the lead editor and science communicator for Natural Hazards Center publications. She writes and edits for Research Counts; the Quick Response, Mitigation Matters, Public Health, and Weather Ready Research Award report series; as well as for special projects and publications. Breeden graduated summa cum laude from the University of Colorado Boulder with a bachelor’s degree in journalism.