Wednesday, November 19, 2008

The State of the Nation's Cyber Security...

As someone who spends at least some portion of every day researching the ins and outs of cybersecurity policy, I have to admit that I was appalled by reading Noah Shachtman's interview of John Arquilla, professor of defense analysis at the U.S. Naval Postgraduate School.

Arquilla basically says that the Obama Administration will have to make changes to our national cybersecurity policy by addressing 1) how to deter cyber attacks using the threat of retaliation, and 2) how to improve cyber defenses.

This is the complex analysis that our so-called experts and national leaders have come up with? How frightening.

Yes, we already know that cybersecurity is a big deal, and of course deterring attacks and improving defenses are necessary steps that must be taken (not to mention, additionally, having the capacity to quickly and effectively respond to any attacks in order to limit the amount of damage wrought). But the real question is how do we do it?

Someone might want to point out to Arquilla that we already have a national policy that covers this ground. The National Strategy to Secure Cyberspace was created in 2003 and the Bush Administration has been implementing it ever since (although its relative level of success in achieving objectives can definitely be questioned). In my attempt to be more constructive about the issue, moving forward, the Obama Administration would be wise to consider the following questions...

  1. Have public-private partnerships have been effective enough to warrant keeping them as the centerpiece of our national cybersecurity strategy?

  2. Has the completely voluntary approach to regulation worked, or is more direct government regulation required instead?

  3. Has federal funding of cybersecurity programs been adequate enough to achieve tangible results?

  4. Why has the position of "Cybersecurity Czar" had a revolving door with no one retaining the position for more than a few months, and furthermore, why was the czar post actually left vacant for over a year?

  5. Why was the new National Cyber Security Center (NCSC) created this past January when it seemingly has the same exact responsibilities as another already-existing agency, the National Cyber Security Division (NCSD), all within the Department of Homeland Security?

Let's hope that when our experts and national leaders give interviews such as this one which show a startling lack of depth and understanding of complex issues, they are only talking down to us because they figure we won't understand what's actually happening. As awful as it is for public officials to talk down to us, the alternative - that they don't even have a more thorough understanding of what's happening - is far too scary to imagine.


Post a Comment

<< Home