Story

Cyberattacks: We are vulnerable

Citing concern that a major cyberattack "could be imminent," Joe Lieberman, the independent Connecticut senator and chairman of the Homeland Security Committee, has reintroduced a modified version of the Cybersecurity Act of 2012 that he coauthored with Sen. Susan Collins, R-Maine. The legislation seeks to protect America's electric grid, water systems, financial networks and transportation systems.

Lieberman's warning of serious vulnerabilities to cyberattack in the United States' critical infrastructure should be a reminder to all of us that national security can no longer be seen from the defense paradigm of the 20th century -- when the biggest threat to free and open democracies came from the expansionist ideology and nuclear stockpile of the now-defunct Soviet Union.

Last month, "Malware Monday" highlighted the panic that a few rogue individuals can cause on an international scale. While the shutdown of the Internet was effectively averted by law enforcement, the threat poses serious concerns over what a well-funded, state-sponsored cyberprogram could do with a more heinous agenda.

We tend to think of national-security threats in terms of soldiers crossing borders, planes crashing into our buildings, flags and ideologies being pressed upon us. But an emerging and increasingly terrible 21st-century weapon is being devised by those who wish to cause harm to us. It requires no bullets, armies or bombs, and it can cause damage on a scale unparalleled in history. The weapon is a well-coordinated and perfectly exploited cyberattack.

The scope and sophistication of cyberattacks have become increasingly menacing over the last 10 years; all indications suggest that this menace will grow exponentially in the future. Whether perpetrated by rogue nations or even by individuals, such an attack could cripple our entire banking system, disrupt power grids and sever vital communications with a few cleverly placed lines of code. These agents can conduct lethal attacks from thousands of miles away with relatively little funding.

It is absolutely crucial that legislators, policymakers, private-sector leaders and citizens apply great effort and collaborate in crafting safeguards against our vulnerabilities.

It should be no shock that state actors such as China and Russia have developed advanced cyberespionage and intelligence-gathering capabilities aimed at curtailing American economic and military influence.

A report compiled by the Office of the National Counterintelligence Executive outlined a surplus of illicit digital intrusions and illegal business practices with digital footprints leading back to these two nations.

Key targets include information and communications technology for use in the private and public sectors, locations and supplies of natural resources that would enable lopsided negotiations with U.S. businesses, and advanced military technologies such as unmanned aerial vehicles and marine systems. The success of these two nations' cybercapabilities has inspired other countries, such as Iran, to invest millions in developing their own cyberprograms.

The United States faces major challenges securing critical infrastructure. Because cyberattacks can damage the operations of our government at the local, state and federal levels, as well as our interests abroad, we need to think globally and act locally to protect ourselves in cyberspace.

This requires bringing together -- in a nonpartisan manner -- federal, state and local units of government, corporate leaders, chambers of commerce, technology-solutions providers, universities and research institutions, the media, and the American public.

I envision this combined cybersecurity effort as an "ecosystem" that would include all stakeholders collaborating on issues of national importance within a community. Because cyberattacks affect all levels of society, such ecosystems would exist across the country, addressing unique threats and security challenges facing each community.

Having localized ecosystems would allow for greater protection for the backbone of our country's supply chain -- the small to medium-sized businesses that make up 84 percent of our nation's firms.

Large corporations' cyberbreaches have been highly publicized, but it is incredibly difficult and expensive for a small- to medium-sized businesses to defend against even the simplest exploitations. A cybersecurity ecosystem would address this problem by working with the local community and chambers of commerce to provide the tools and best practices for those unprotected.

Cybersecurity cannot be contained and outsourced to the Department of Homeland Security, Department of Defense and FBI. It requires active engagement of all the stakeholders at every level of society.

The task is daunting; the risk, enormous. Some may argue that if federal bodies such as the Department of Justice can be easily breached by a lone group of so-called "hacktivists," what security measures could a local community possibly design?

While this is certainly disheartening, it only reinforces the case that national security and cybersecurity go hand in hand.

Gopal Khanna is a senior fellow at the Technological Leadership Institute at the University of Minnesota. From 2005 to 2010, he served as chief information officer for the state of Minnesota.