Tuesday, October 23, 2012

Blog Entry #13: Cyber War Preparedness


Link: http://m.itworld.com/security/304904/why-governments-cybersecurity-plan-will-end-catastrophe?page=0,0&mm_ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dcyber%2Bsecurity%26hl%3Den%26client%3Dms-android-sprint-us%26tbo%3Dd%26source%3Dandroid-browser-type%26v%3D141400000%26source%3Dlnms%26tbm%3Dnws%26sa%3DX%26ei%3Db2WGUO6pLsXf0gHU24DADw%26ved%3D0CAoQ_AUoAw

In his new proposal to shore up US cyber defenses, Defense Secretary Leon Panetta laid out a plan that would give the government unprecedented and invasive access to private systems in the US. While the threat to America's infrastructure is very real, the article's author, Rob Enderle, argues that the proposed system to monitor it would create privacy issues. Panetta feels this intrusive measure is necessary to prevent a 9/11 scale cyber attack. The article makes a strong argument for not implementing his plan and points out that Panetta's idea may be more dangerous.
Because the various infrastructure systems in the US are independent and do not even have "a common security structure", potential cyber attackers would have to narrow the focus of their attack to a particular area. With Panetta's plan there would be a link that, no matter how well protected, could potentially be exploited. We saw with Stuxnet that it is possible to attack a closed system. However, that was highly sophisticated and took a huge amount of resources. An attack that could be waged on a single point of weakness, via a connected network, might be far less difficult for someone with similar resources, or even a small group of motivated private citizens.
Enderle continues his article with a few ideas that he sees as more effective. He proposes that compensation be given to companies hurt by attacks, with the money coming from the targeted government agency's budget, and that minimum legal coverage be required. He feels this plan "would promote a higher level of prevention through better-funded protection." I would like to know if there would be any accountability on the side of the private sector in addition to the government agencies, but at the very least, requiring a minimum legal standard of coverage seems like a smart idea.
