The Washington Post

The government needs to step up efforts to protect cyber infrastructure

Congress is moving swiftly on legislation aimed at beefing up the nation’s cybersecurity infrastructure — but even that may not be fast enough.

The private sector owns or operates more than 80 percent of our critical infrastructure, including our energy, banking and finance and transportation systems. Recent Senate measures, in addition to certain House ones, would give the federal government more involvement to protect that infrastructure.

For instance, the bipartisan Senate Bill 2105 would require owners of the most critical infrastructure to meet certain cybersecurity requirements and give regulatory authority to the Department of Homeland Security. Among other things, it would establish a unified DHS office of cybersecurity.

Federal intervention is needed. The computer worm Stuxnet physically damaged Iran’s Natanz nuclear facility, and its source code is available on the Internet. Many are concerned that a similar worm could be re-engineered to cause damage to U.S. industrial control systems.

The lack of a single catastrophic cyber emergency has created complacency. In the meantime, the Chinese and “hacktivist” groups such as Anonymous continue to bleed us of our intellectual property, data and innovative R&D.

To combat the threat, we need to adopt a radically new mindset.

First, cybersecurity education must be accelerated. There exists only 1,000 people in the entire United States for the most demanding cybersecurity tasks, but between 20,000 and 30,000 are needed, according to James Gosler, the first director of the Clandestine Information Technology Office at the CIA.

Second, cybersecurity legislation, even if it’s not perfect, needs to be passed this year. The legislation needs to keep up with the speed of change. Consider the example of obtaining search warrants. It currently can take the FBI a half-day to receive a warrant to search a malware-infected computer. Yet a bot can take over your computer in less time than it takes for you to type your password.

Third, the explosion in mobile apps and the migration of an increasing amount of data to the cloud introduces a whole new series of security vulnerabilities. Recognizing them is a necessary first step to alleviating them.

Finally, we have to consider radical alternatives, even to the Internet itself. “The long-term solution is not continuing to patch today’s Internet but to begin to construct an alternative secure network for key critical infrastructure that is more easily defended than the open source Internet,” retired Gen. Michael Hayden, a principal of the Chertoff Group and former director of the NSA and CIA, told me.

We must move our mindset to a post digital 9-11 age before a catastrophic cyber event occurs. While threats abound, the innovation we all possess to combat them is far more powerful.

Thomas K. Billington is the chief executive of Billington CyberSecurity, an independent cybersecurity seminar and media company based in Chevy Chase.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Videos curated for you.
Play Videos
What can babies teach students?
Unconventional warfare with a side of ale
A veteran finds healing on a dog sled
Play Videos
A fighter pilot helmet with 360 degrees of sky
Is fencing the answer to brain health?
Scenes from Brazil's Carajás Railway
Play Videos
How a hacker group came to Washington
The woman behind the Nats’ presidents ‘Star Wars’ makeover
How hackers can control your car from miles away
Play Videos
Philadelphia's real signature sandwich
Full disclosure: 3 bedrooms, 2 baths, 1 ghoul
Europe's migrant crisis, explained

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.