Today, Rob Housman, the Executive Director of the Cyber Secure Institute, put out this statement regarding media reports that, in a two-day exercise involving 230 government agencies, private companies and other groups, the mock attackers succeeded in compromising the cyber-systems of the United States:
"Sadly, this was expected. The cybersystems our nation relies upon within both the public and private sectors are inherently vulnerable. They are full of security gaps that enemies, ranging from other nations to organized crime, can take advantage of.
"Chairman Langevin rightly said, "We're way behind where we need to be now . . . .This is equivalent in my mind to before September 11 ... we were awakened to the threat on the morning after September 11." The Chairman's concern is well placed. Yet another exercise has shown our vulnerability.
"The challenge for the new Obama administration is to take the tough steps necessary to protect us-before we face a catastrophic attack, a real cyber-9-11.
"We need to act now:
- We need to replace inherently insecure systems with inherently secure systems-technologies that are the cyber-equivalent of totally bulletproof-not later, but now.
- This will require bold action and real investments across both the government and private sector.
- The biggest challenge is the private sector. The private sector, especially our critical infrastructure, will need to be incentivized, cajoled, and likely compelled by new laws and regulations to become more secure."
"We need to take this very seriously. Whether we like it or not we are now in a form of low-grade warfare, the weapons aren't guns and tanks, they are cyber attacks. And, while they may seem less tangible they have the potential to be weapons of mass disruption. Every day the Chinese, the Russians and others are probing our cyber defenses and even disrupting our public and private systems."
The Cyber Secure Institute is a newly established analysis and advocacy institute dedicated to serving as the voice for effective cyber security. For more information: www.cybersecureinstitute.org.