According to a recent article in Computerworld by Jaikumar Vijayan, Internet Warfare: Are We Focusing on the Wrong Things?, some are concluding:
More than seven years after the terrorist attacks of Sept. 11, 2001, there’s widespread consensus that federal efforts to secure cyberinfrastructure are bogged down by a lack of vision, planning and leadership. While the government has struggled to come up with a cohesive national strategy for defending its interests on the Internet, threats in cyberspace have continued to grow and today pose a grave risk to national and economic security.
Adversaries, which include unfriendly governments and militaries, intelligence agencies, organized criminals groups and hactivists, have by most accounts already penetrated U.S government and private networks or are actively engaged in doing so.
We certainly have the technical no-how to defend our computing systems. But like most things government does, it gets bogged down in bureauracracy, egos and shear scope of the tasks.
There are so many agencies, departments, divisions with overlapping initiatives. Each of these entities has its own cyber security strategy. National cyber security plans exist. But core to the problem is that there is not a unified mandate or declaration that our cyberinfrastructure is a vital asset for national and economic security. If we threw the right resources at it as we do many other less important things, we could get our hands around the problem.
Like most things with the federal government, money is spent on either some politician’s latest project that benefits his constituencies alone, the latest emergency of the day, and most recently the federalizing of private industries. They can hold hearing, form committees, create strategies, but nothing will happen until a MAJOR cyber incident shuts down and/or compromises a significant aspect of our society, infrastructure or commerce.
Cyber defense is not a technical problem; it is a people and organizational problem.