By David Coursey, AnchorDesk
February 20, 2002 9:00 PM PT
URL: http://www.zdnet.com/anchordesk/stories/story/0,10738,2849172,00.html
During the next few years, heightened security will change the
Internet, and the office network on which many of you work. In
fact, you'll probably see changes first at the office as companies
try to "harden" their information assets against a wide
variety of threats.
Some of these efforts will be successful, some will be
laughable, and most will tick you off. Many of you will come to
see security as getting in the way of convenience. Since many
companies will be tightening security on a learn-as-you-go basis,
you and your colleagues will often have a point.
Here are some things you need to be thinking about as the great
network lockdown of 2002 gets into full swing.
- Most companies don't spend as much money on protecting their
data as they do on coffee for employees. That's according to
Richard Clarke, the White House special advisor on
cybersecurity issues. He told an audience this week at the RSA
Security Conference that less than 0.0025 percent of corporate
revenue is spent on corporate information-technology
protection.
- It's not just the Internet and your company's data networks
that aren't secure. Experts point out that most of the
nation's critical infrastructure--the power grid, voice
networks, and water supplies--are vulnerable. You'll find
computers at the heart of all these systems, too. Terrorists
have a wide range of technology targets, not all of them in
cyberspace.
- Our adversaries, be they run-of-the-mill hackers or devoted
members of terrorist cells, have the same training and much
the same access to technology as we do. "Our future
enemies understand our technology at least as well as we
do," Clarke said.
- Cyberterrorists could launch an attack from anywhere,
potentially framing someone else for their evildoing. Imagine
what would happen if hackers in Iran left a trail that seemed
to end in Iraq. It's not hard to imagine such a provocation
resulting in another round of cruise missiles over Baghdad,
especially given President Bush's recent "axis of
evil" declarations, is it?
- If a cyberwar erupts, would we necessarily know? Simply
crashing a system for seemingly natural reasons could cause
enough disruption to achieve an enemy's aims. On the other
hand, a coordinated series of attacks against highly visible
targets--such as financial systems--could threaten chaos on a
near-global scale.
So what do we do?
- Let's avoid the tendency to throw up our hands. Yes, there
are so many potential targets and means for an enemy to do us
harm--information warfare is just a tiny part of this
catalog--that we can't possibly protect everything. But by
making it tougher to succeed, we can reduce the number of
potential adversaries and, perhaps, make their work against us
easier to defeat.
- The real threat to most businesses are not cyberterrorists.
Instead, the more likely danger lies in the more mundane
hacking attempts made every day over the Internet or perhaps
internally by unhappy employees. And don't forget: The biggest
loss of data is still caused by accidents of one kind or
another.
- We need to spend money. The success of the Internet makes it
attractive to what Superman called "the forces of
evil" in their many forms. Clarke said most companies
spend so little money on security they "deserve to be
hacked." I am not sure anyone deserves to be the victim
of crime, but his point--we know the threat exists, so we have
a responsibility to protect ourselves--remains valid.
- We should be accepting of the changes that enhanced security
is going to bring. But we need to be aware that more security
doesn't necessarily go hand-in-glove with a loss of personal
freedom or privacy. Some companies will, however, use security
concerns as an excuse to gather more information than they
need, to the detriment of privacy.
Here's the kicker, though. Despite more emphasis on security in
all quarters, we may still be steaming straight into harm's way.
In fact, I have deep concerns that security issues will never be
solved. Then again, I can't help but wonder whether our anxieties
over cyberterrorism are just as overblown as they were over the
Cold War's missile gap.
But I'll address this bipolar future more in Friday's column.
|