Sunday, July 11, 2010

The Threat of Cyberwar Has Been Grossly Exaggerated

The Earth-Bound Misfit is typically much more paranoid than I am, and weighs in heavily against the new NSA-run program, “Perfect Citizen.” Her post is here, and the original article in the Wall Street Journal is here. The WSJ says,

The federal government is launching an expansive program dubbed "Perfect Citizen" to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.

I can see the need for ensuring that we have protection against cyber attacks, but the name. The name absolutely sounds like something straight out of Orwell’s 1984. Really, Perfect Citizen? You’ve got to be kidding…unless that was the intent—to make it sounds like 1984 on purpose.

Bruce Schneier, whose opinions on security I value more than anyone’s, has this to say:

The Threat of Cyberwar Has Been Grossly Exaggerated

There's a power struggle going on in the U.S. government right now.

It's about who is in charge of cyber security, and how much control the government will exert over civilian networks. And by beating the drums of war, the military is coming out on top.

We surely need to improve our cybersecurity. But words have meaning, and metaphors matter. There's a power struggle going on for control of our nation's cybersecurity strategy, and the NSA and DoD are winning. If we frame the debate in terms of war, if we accept the military's expansive cyberspace definition of "war," we feed our fears.

We reinforce the notion that we're helpless -- what person or organization can defend itself in a war? -- and others need to protect us. We invite the military to take over security, and to ignore the limits on power that often get jettisoned during wartime.

If, on the other hand, we use the more measured language of cybercrime, we change the debate. Crime fighting requires both resolve and resources, but it's done within the context of normal life. We willingly give our police extraordinary powers of investigation and arrest, but we temper these powers with a judicial system and legal protections for citizens.

We need to be prepared for war, and a Cyber Command is just as vital as an Army or a Strategic Air Command. And because kid hackers and cyber-warriors use the same tactics, the defenses we build against crime and espionage will also protect us from more concerted attacks. But we're not fighting a cyberwar now, and the risks of a cyberwar are no greater than the risks of a ground invasion. We need peacetime cyber-security, administered within the myriad structure of public and private security institutions we already have.

No comments:

Post a Comment