paulmudgett.com

Leave “Cyberwar” in Hollywood

The more I read about Howard Schmidt, the new cybersecurity czar for the Obama administration, the more I tend to like what I’m hearing.  I still think the position is limited because he has no budegtary authority but he appears to be quite capable of delivering the message of information security without resorting to FUD.  I like that.

There continues to be an overuse of terms such as “cyberwar”.  I hope we can end the movie hype and get down to business.  I don’t disagree that there is a persistent threat from state sponsored attackers.  I believe there is a rise in targeted attacks that are designed to steal sensitive information and perhaps disrupt business as usual.  The government and the private sector need to address our information security needs and be agile in development of defenses against new threats.

In an interview with Wired.com, Schmidt had this to say:

“There is no cyberwar,” Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco.

“I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.”

Instead, Schmidt said the government needs to focus its cybersecurity efforts to fight online crime and espionage.

- Ryan Singel, “White House Cyber Czar: There Is No Cyberwar“, Wired.com Threat Level, March 4, 2010

This is in direct contrast to Michael McConnell, former director of national intelligence who continues to ramp up the rhetoric about a cyberwar.  Let’s look at McConnell’s history.

• McConnell convinced President Bush to provide funds to the NSA to lock down the government’s classified networks.   Of course, McConnell’s position placed him in charge of that effort.
• McConnell now calls for a “re-engineering” of the Internet.  Of course, the company he works with stands to profit incredibly from this type of effort.

You can decide for yourself McConnell’s motivation.

Schmidt doesn’t appear to turn a blind eye to the need for government to protect classified information and the NSA has a role in this.  The government certainly has an eye on things that just aren’t visible to the private sector.    The private sector has a big dog in this fight as well, especially in regards to financial transactions and the use of personally identifiable information.

“A pessimist is an optimist with experience” (unknown).  I share in McConnell’s call to action but not his drastic, doom and gloom approach where excessive government control over the Internet is the only solution.  His passion is admirable, if not misguided.

Schmidt, on the other hand,  isn’t ignoring the need for government to bolster its defenses, he appears to simply approach the necessity for action without inciting knee-jerk reactions from ignorant politicians.  I like this approach rather than the call for citizens to put their head in the sand and let Uncle Sam take over.

“We can’t sit there and be waiting for the next intrusion attempts to take place,” Schmidt said. “We need to become stronger in what we are doing so we are better able to resist the things that are being thrown at us.”

That’s a call to action.  This isn’t a problem that is owned exclusively by the government nor does the solution reside entirely in that realm.  However, if the private sector doesn’t step up and be proactive in the way we protect our infrastructure and information, then we deserve to have government do it for us.