Security expert: US would lose cyberwar

The U.S. government will have to take a more active role in regulating cybersecurity, a former intelligence official says

The U.S. government, if confronted in a cyberwar today, would not come out on top, a former U.S. director of national intelligence said Tuesday.

"If the nation went to war today, in a cyberwar, we would lose," Mike McConnell told a U.S. Senate committee. "We're the most vulnerable. We're the most connected. We have the most to lose."

McConnell, director of national intelligence from 2007 to 2009, predicted that the U.S. government would eventually get heavily involved in protecting cybersecurity and in regulating private approaches to cybersecurity. Testifying before the Senate Commerce, Science and Transportation Committee, McConnell also predicted that the U.S. would make little improvements in its cybersecurity before a "catastrophic" attack will cause the government to get involved.

"We will not mitigate this risk," said McConnell, now executive vice president for the national security business at Booz Allen Hamilton. "We will talk about it, we will wave our hands, we'll have a bill, but we will not mitigate this risk."

After a major attack, the government will step in to secure the Internet, McConnell predicted. "We're going to morph the Internet from something that's referred to generally as dot-com to something that we call dot-secure," he said. "When [online] transactions move billions of dollars, or when transactions route trains up and down the East Coast or control electric power ... the basic attributes of security must be endorsed."

Government intervention is needed, added James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies, a Washington, D.C., think tank. Private-sector fixes to the nation's cybersecurity problems haven't been effective, he said.

The Internet was designed as a global commons that polices itself, but that model has failed, Lewis added. "Instead, we've got the Wild West," he said. "Many will say we should let the market fix cybersecurity. I'm familiar with this one, because I, myself, wrote it in 1996, and I'm still waiting. Government needs to give the market a kick."

Early last year, Senators Jay Rockefeller, a West Virginia Democrat, and Olympia Snowe, a Maine Republican, introduced a bill that would create new cybersecurity regulations for private companies designated as critical infrastructure. The senators have rewritten the Cybersecurity Act several times after complaints from the private sector, but the bill would also require a national licensing and certification program for cybersecurity professionals. Under the bill, it would be illegal to provide some cybersecurity services without being licensed and certified.

Some versions of the bill would have also allowed the U.S. president to order that parts of the Internet under attack be shut down.

Lewis praised the bill, saying it provides a "broad rethinking" of the nation's approach to cybersecurity.

Rockefeller, the committee chairman, said cyberattacks are happening too often and are "sucking the blood" out of the U.S. economy. The U.S. government needs "strong top-level coordination" to protect cybersecurity, he said.

"Too much is at stake for us to pretend that today's outdated cybersecurity policies are up to the task of protecting our nation and economic infrastructure," he said. "We have heard the reassurances and seen the best efforts of many in the private sector working to secure their networks. But it is clear that even the largest, most sophisticated companies are not immune from attack."

While new regulations might help in some areas, U.S. technology users and policymakers need to stop tying more and more systems to the Internet, said Mary Ann Davidson, chief security officer at Oracle.

"In the many discussions on what the government can do to fix cybersecurity ... it is worth noting that no single proposal will save us, and certainly not any time soon," she said. "There is, however, one thing we can do today: Stop making cybersecurity worse by rushing to use technology in ways we know very well we cannot secure."

Davidson said she worries about when the U.S. electrical system is fully controlled through the Internet and when people working with SCADA (supervisory control and data acquisition) systems fully embrace their ability to turn the systems on and off through a smartphone.

"We know that people have built personal digital assistants that 'talk SCADA' because 'it's so expensive to send a technician to the plant,'" she said. "It won't be long before we hear: 'Move the control rods in and out of the reactor? There's an app for that!'

"Some day we may have a power plant meltdown when all someone was trying to do is answer the phone," she added.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags USA governmentsecuritycyberwar

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?