Astoundingly, even two years now after the Sept. 11 terrorist attacks, America has still failed to secure our vital information infrastructure. Yet we've all seen the mass disruption caused by the recent Sobig, Nachi and MSBlast worms. Even though these worms were considered "unsuccessful" because they did not destroy data, they cost American businesses over $3.5 billion in August alone--a cost our economy cannot sustain. The Internet is attacked virtually every minute of every day, and many of us still take this amazing system for granted.
Estimates put the deployment of baseline security across all North American users at $450 billion, roughly equivalent to the annual value of the "information economy." Federal Reserve Chairman Alan Greenspan and others rightly attribute our enormous productivity gains in the past decade to the explosion of information technology in our economy. But with these gains comes the price of security. While this massive networkwide investment will require many groups coming together in concert, clearly we can no longer underestimate the impact of these attacks and write them off as nuisances.
Nor should we place blame on vendors in the larger Internet community. Without a doubt every operating system, Web browser and e-mail client application used today could have benefited from additional security features embedded in it before it was released. But finger-pointing and the blame game will get us nowhere, especially when should be busy installing the patch management options available from vendors to fix these security gaps.
There are no magic solutions or silver bullets that will shore up cybersecurity
in a day.
The Internet is a communal network--it benefits everyone, and everyone has a responsibility to protect it:
For home users, that means changing passwords often, using antivirus software and turning off DSL and cable modems when not in use.
For government agencies, that means demonstrating full compliance with patches and serving as a role model for good security practices.
For vendors, it means making security a foremost thought when designing products.
And for critical infrastructure providers, it means taking that obligation very seriously and investing substantial amounts in hardware, engineers, and research and development to stay at the forefront of cybersecurity.
There are no magic solutions or silver bullets that will shore up cybersecurity in a day. But there are steps that, taken over time, will improve the overall health, security and viability of the Internet.
Recent steps by the government are encouraging. Congress has begun to investigate the issue, and the Bush administration is expected very soon to nominate a cybersecurity chief, who hopefully will begin executing on the recommendations outlined in thereleased earlier this year. More government leadership, infrastructure investments, greater action from industry and increased cyberawareness among Americans will go a long way toward improving the resilience of the network to attacks.
Organized crime, terrorists and bored teenagers have taken advantage of the weaknesses in our cyberinfrastructure for long enough. These adversaries understand our growing dependence on the Internet and are exploiting these vulnerabilities to harm America. If we don't strengthen our cyberinfrastructure and increase our level of cyberawareness, it will only get worse.
History has proven that investing in our infrastructure is money well spent. With America's national security and economic viability at stake, it's time to up the ante and begin investing in the Internet's infrastructure.