June 7, 2009 /
Critical Infrastructure Protection: Are We at a Cyber Crossroads?
Are we truly at a significant crossroads in the protection of our Nation's critical infrastructure? More specifically, will the cross-sector cyber infrastructure issues now be addresed with a sense of urgency and be given the required resources to build-in the required 21st century security protections? Have the many state and local government computer infrastructure issues become a real priority? I'm now more optimistic.
What modified my opinion? We held our second annual Michigan Cyber Security Summit in Lansing this week, and I was honored and privileged to introduce and interview Harry D. Raduege, Jr., Lt. General, USAF (Ret) as part of an extended keynote session at the end of the day. Not only was I impressed with his words, I was motivated and encouraged by his unique perspective.
General Raduege's very impressive military career included several years as Director of the Defense Information Systems Agency (DISA). He is currently the Chairman of the Deloitte Center for Network Innovation, and he was recently the co-chair for the Center for Strategic and International Study's (CSIS's) Commission on Cybersecurity for the 44 th Presidency.
After his initial remarks, our conversation centered on the recently released results of the 60-day Cyberspace Policy Review which has received a huge amount of media attention. The General covered the background on these issues, the link between the Commission's findings and the Policy Review, and the near and mid-term actions to be taken.
Two of my questions included: "Why is this a crossroads? How is this situation different than before?"
General Raduege responded by describing with passion the billions of dollars we are losing to organized cyber crime. He articulated a strong business case, and he provided scary facts regarding illegal access to both private sector and government networks over the past few years. These were figures that I knew from press reports and from meetings with the Department of Homeland Security and other government agencies and states over the past seven years.
But the General's answers intrigued me the most when he described President Obama's passion for this issue at the recent release of the 60-day Cyberspace Policy Review at the White House. He sat a few feet away from the President during the event, and General Raduege told us that a new focus was evident. This inside perspective came from a decorated career cyber expert with a great reputation.
At a post-event reception, several colleagues commented that General Raduege's passion was contagious.
So I went home and took another look. Yes, I had already read the 60-day Cyberspace Review, but after the session, I reread most sections through a different lens. The Review's actual title is easy to overlook: "Assuring a Trusted and Resilient Information and Communications Infrastructure." I had previously skipped over the preface to get to the "beef," but think about these important words from the preface:
"... But with the broad reach of a loose and lightly regulated digital infrastructure, great risks threaten nations, private enterprises, and individual rights. The government has a responsibility to address these strategic vulnerabilities.
The architecture of the Nation's digital infrastructure, based largely upon the Internet, is not secure or resilient. Without major advances in the security of these systems or significant change in how they are constructed or operated, it is doubtful that the United States can protect itself from the growing threat of cybercrime and state-sponsored intrusions and operations...."
More than the detailed action steps, these words are powerful. If acted upon, they show a new commitment that will greatly impact state and local government in many infrastructure sectors. Many computer issues need to be addressed from broadband Internet access to health IT to protecting airlines.
(One side note, the Air France 447 story printed in the United Kingdon (UK) on Sunday demonstrates the critical importance of computer infrastructure to all aspects of transportation. Even though "foul play" may have no part in that plane accident, if this computer crash theory is true, the role of computers will be under a spotlight once again.)
The skeptics will likely say that all of the words in the new cyber plan are nice, but we need action. There is no doubt that I have heard and read much of this over the past few years, without significant change across the country at the state and local level. There is certainly much to do, and more dollars are needed.
Still, I am encouraged that this issue is now a top priority in DC. I am also more convinced that additional resources will be applied to this urgent set of infrastructure problems. Whether this will be seen as a "Berlin Wall falling" type of moment or a significant cyber crossroads will be determined by the actions we take going forward. I think the Bush Administration understood the importance of this issue very late in their term, but the momentum which began last year seems to be growing. This topic should continue to have bipartisan support going forward.
In conclusion, I urge you to reread the 60-day review as I did. But as you read, think of the resolve that our Nation had in the 18th and 19th centuries as we faced "threats foreign and domestic." General Raduege's words challenged me to think of our 21st century cyber threats as needing that same kind of united resolve and unity of purpose.
Yes, I knew most of the cyber attack facts and figures before, but now I am more inspired to believe that positive change is coming. Thank you General Raduege for your service and for coming to Lansing. You brought the "inside the beltway" words to life in Michigan.
What are your thoughts? Is this a cyber infrastructure crossroads?