This has certainly been a tumultuous month in the worlds of technology, politics, and cyber security.
When Internet giants such as Google, Wikipedia, WordPress, Twitter, and Craigslist joined the massive protest against proposed Federal legislation that would have given the government unprecedented power to shut down websites alleged to be offering unauthorized access to copyrighted works; the firestorm of controversy actually caused Congress to back down and withdraw the legislation.
Then, when only a few days later, federal officials in concert with law enforcement authorities in other countries actually did shut down the file sharing website, Megaupload; hackers worldwide joined ranks and in a coordinated cyber attack brought down websites including those of the FBI, The US Justice Department, the Recording Industry Association of America, and the Motion Picture Association of America.
That action, combined with cyber security breaches over the past year at companies including Sony PlayStation, Chase Bank, RSA, and Symantec , got me thinking about “the good old days” when we all weren’t so interconnected, and everything about us wasn’t in a database somewhere online.
While we obviously can’t return to the days of messages inscribed on stone tablets and smoke signals rising up over the prairie, there may be some ways to keep our really secret information actually secret. At least, that’s what some officials are hoping, as they grapple with the very real challenges posed by the vast proliferation of online information and the increasing sophistication of those who want to steal it.
I read an article recently about federal officials who are talking about taking sensitive government information completely off-line, in an effort to safeguard it. In addition, the top US General in charge of military electronic networks is saying they are “not defensible” as they are structured now. A move toward restructuring and consolidating as many as 15 thousand separate military networks, help desks, and data centers is underway, along with a move toward cheaper, easier, and purportedly more easily defensible cloud computing.
But whether your data is “on the cloud” or on the ground; it can still be stolen. Sure, if you take data offline; you’re protected against remote attacks. But what about “inside jobs” like the CD copy of top secret government information made by a low-level military employee that resulted in the massive Wikileaks scandal last year? To guard against things like that; you’re going to have to vigorously enforce a whole range of security measures–not just those directed at protecting cyber-space.
The good news is that security reforms designed to protect against such leaks are already underway, according to National Intelligence Director, James Clapper, who says Wikileaks has heightened the government’s sensitivity to insider threats.
When I think of all the ways modern security measures can be bypassed though; I wonder if officials might consider returning to old fashioned strategies like top secret paper files guarded as closely as the US gold reserves at Fort Knox, and elite military units like the Navajo Code Talkers of World War II.
I don’t mention strategies from the past to indicate that I believe there are tried, true, old, and time-tested answers to today’s very real and newly emerging problems. I mention them because they represent strategies that actually worked in difficult times when our nation most needed them.
Today, we are faced with an enormously complex and ever-changing electronic infrastructure that is fragmented, vulnerable, and (apparently) quite easily overcome by increasingly sophisticated and effective attacks. That there is now a recognition at the highest levels of the need to simplify, consolidate, and control the vital electronic networks that make our military defense both possible and manageable; is a good thing. Now, we need to watch and see if the will to create order from chaos is actually carried out through appropriate and effective actions that will truly make a positive difference.
But what about the rest of us? If those who control our vast military force feel insecure about their networks; what about civilian networks? The fact that they are just as vulnerable to exploitation and attack led an IT professional I spoke with recently to suggest that the way we surf the web now could change in the future. One day, he theorized, we might do most of our work on smaller, more private, and more secure networks; only occasionally venturing onto the worldwide web.
I find this idea extremely interesting in theory, but wonder how or if it would actually work. Would people be willing to accept less freedom to roam the web in exchange for more security?
Would they respond with kind of annoyed but resigned acceptance we all experience at airport security checkpoints, or would they respond with overwhelming negativity like they did this month before the Stop Online Piracy Act and Protect IP Act (SOPA and PIPA) were abandoned, and after Megaupload was shut down?
This is a topic I would very much like to explore further, and I welcome your comments.