Cyberwarfare

Napolitano warns of a “cyber 9/11”

Published 6 February 2013

DHS secretary Janet Napolitano last week said that a coordinated cyber attack on the United States, in effect a cyber 9/11, could happen. “We shouldn’t wait until there is a 9/11 in the cyber world,” Napolitano told Reuters. “There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage.”

TopTechNews quotes Chris Petersen, the chief technology officer of LogRhythm, as saying that it is unfortunate that the president has to use an executive order to protect critical infrastructure.

“Ideally, Congress would recognize and act on the threat we face as a nation when it comes to defending ourselves against cyber war and cyber terrorism. These threats are real and will only increase in the years to come — drastically and swiftly,” Petersen told TopTechNews. “If signing an executive order does nothing other than help move cyber security spending up the stack of 2013 IT budgets, it will be a win for us all.”

According to Petersen, there are valid concerns when it comes to cyber legislation, for example, the additional compliance burdens on U.S. companies. Petersen said, though, that without a baseline companies will not know whether their systems are protected, and without enforcement, some companies will just think they can take protective measures sometime in the future instead of now, and hope for the best.

“We appreciate that there are valid concerns and criticisms that will be disclosed through discussion. However, there is real risk in delaying action as we wait years for all opinions and concerns to be aired,” Petersen said. “We need immediate action with continued refinement in years to come. For example, this refinement could be an industry taking a self-regulating approach similar to NERC-CIP in the energy sector or PCI in retail.”

Amrit Williams, CTO of Lancope, says the threat of a massive attack on critical infrastructure, both public and private, should be enough for the Obama administration to do whatever is necessary to regain control and thwart the threat, but he also admitted that is easier said than done.

“This is a massive logistical problem, growing even more so as technology advances and becomes adopted as part of our digital fabric. Unfortunately there will be mistakes, errors in judgment, and poorly written policies that may very well lead to significant self-inflicted damage,” Williams told TopTechNews.