A cyber con game

In a recent report to President Bush, an advisory task force presented a damning picture of the nation's information technology infrastructure.

The authors of the study, "Cyber Security: A Crisis of Prioritization," warn that the current system is "highly vulnerable to attack" and urge a fundamental rethinking of how the nation's computing architectures and technologies should get deployed.

Don't get your hopes up. If past is prologue, I think it's safe to assume that nothing will come of this--until it's too late and people again are scrambling for answers.

It's tempting to become cynical about so sensitive a subject, but the blunt truth is that Americans care more about the ultimate outcome of "American Idol" than they do about repairing the nation's IT infrastructure. Outside of the confines of the security nerds who live and breathe this stuff, most folks are bored silly by the subject.

So with no pressure from constituents, the people in charge of the country have remained complacent even while the security protocols and practices governing the system fell into disrepair.

Both major political parties shoulder blame. The question of how to shore up the nation's IT infrastructure first surfaced toward the end of the Clinton administration. A fat report got published and bureaucrats dutifully made time for reporters' questions. But fundamental change was postponed for another day--and another administration.

Cybersecurity gained temporary prominence after Sept. 11, 2001, but the Bush team quickly lost interest. Bureaucratic squabbling and the absence of real backing from the chief executive have since turned the job of cybersecurity chief into a revolving-door post.

Since 2001, the government has casually gone through one cyberczar after another, and yet you hardly hear a murmur from the political elites. Years ago I asked a now-retired congressman why so few of his colleagues put a big effort into technology issues, and he gave me one of those "Kid, you must be from Kansas" smiles. Couldn't I understand that a stem-winder on the floor of the House of Representatives about IT and its discontents would never get him onto the evening news?

Sure I could. Unfortunately, when they do start yammering about bits and bytes in public forums, it's usually for all the wrong reasons.

So it is that we were recently treated to the spectacle of three congressmen who ought to know better calling for a government investigation into the sale of IBM's notebook business to a Chinese company. It was all politics for the sake of impressing the voters back home and generated the desired headlines.

Too bad they didn't also investigate why we're still churning out software with security holes--and this, six years after a 1999 President's Information Technology Advisory Committee report first flagged this as a concern.

In a numbers game, it's all about counting noses. Unfortunately, the natural constituency in favor of breaking sharply with tradition and doing something meaningful about cybersecurity is relatively small (Even a promise of unlimited brie and chardonnay will not produce any Million Coder Marches on Washington in our lifetime.) That calls into question one of the key recommendations in the report: a call to increase the National Science Foundation's research budget for fundamental research by some $90 million.

Unless the president awakes one day to an epiphany, the report will surely get summarily rerouted to a dusty shelf in a forgotten corridor of a nondescript department, somewhere deep in the bowels of official Washington, D.C. Just like so many other do-gooder position papers that wind up ignored and put aside.

But when the stuff one day hits the fan--as it inevitably will--nobody in authority will be in a position to claim they didn't know.