BY DONNA HOWELL
INVESTOR'S BUSINESS DAILY
Our defenses are lacking and first-strike capability too, on a front once mainly depicted in science fiction.
"Cyberspace is real. And so are the risks that come with it . . . we're not as prepared as we should be," President Obama said Friday, creating a new White House position to coordinate protection of the nation's critical online systems.
Online threats are real and growing, experts agree. But while they applaud Friday's plans, they question how much good they will do.
Obama said many other steps will be needed. And the Pentagon plans to create a command for cyberspace defense and offensive capabilities, the New York Times reported.
Concrete Results Lacking
Neither move comes out of the blue. Obama's announcement follows a 60-day review and, as with the military, years of government efforts to shore up cybersecurity.
They've fallen short, Obama and others say, amid all kinds of computer attacks that threaten national security.
"While government can secure its own networks, our security is still at risk unless financial institutions and other institutions are also safeguarded," said Jim Walden, former head of the computer crimes unit in the U.S. Attorney's Office for the Eastern District of New York. "The private sector is lagging government and government has lagged the rest of the world."
The U.S. has sophisticated systems for protecting parts of its infrastructure but also plenty of vulnerabilities and a wide field of attackers, says Walden, now a law partner at Gibson Dunn.
"China and Russia have shown in a series of attacks against the U.S. and other countries their ability to wage different aspects of cyberwarfare," he said. "We need to show we're capable of defense but also acting proactively, on offense."
China was believed to be behind the "Titan Rain" attacks on defense agencies and firms a few years ago, he says. This year Beijing faced pressure over an online spying network, allegedly tied to it, said to have infiltrated systems in more than 100 countries.
But it's tough to tell if cyberattacks stem from governments or individuals. Russian cyberpunks launched massive attacks vs. Estonia and Georgia, but it's not clear what role the Kremlin played.
Obama said terrorists could unleash a "weapon of mass disruption" with a few keystrokes, and spoke on how attacks have darkened electric service in foreign cities. By some estimates, he said, Americans have lost $8 billion to cybercrime in the last two years.
The White House plans to work with industry on tech solutions. But Obama "was very clear" that he wouldn't "dictate to businesses how to fix their systems," said PGP Corp. CEO Phil Dunkelberger, head of industry group Tech-America's cybersecurity council.
"The consensus in the audience was that he's looking for a nonpolitical appointee well able to address economic and cyber issues," said Dunkelberger, who attended Friday's event.
Paul Kocher, president and chief scientist at Cryptography Research, has "sort of a secret hope we might actually get someone who's written code," but doesn't expect it.
He has "fairly low" expectations of what government can do.
"The main one is trying to coordinate the government's own security defenses, which are in a disastrous state," Kocher said.
Mandating safe codewriting and instituting severe liabilities for lax businesses are too unpalatable to be politically feasible, he says.
In that regard, there's "no possibility of something significant happening without a catalyzing event — a digital Pearl Harbor people describe sometimes," he said. "Eventually there will be something that happens sufficiently extreme" to spur interest in a cybersecurity regulator along the lines of the Federal Aviation Administration or FDA.
Turf wars between Homeland Security, the National Security Agency and others have emerged over who should take the lead in nonmilitary cybersecurity.
Walden hopes a White House coordinator will provide "a unified chain of command to help agencies put down their competitive rivalries and move toward a common goal."