
Protecting The US From Foreign Hackers Tue 30 Dec 08

A recent Op-Ed piece in the Houston Chronicle, "U.S. must update laws defending against foreign hackers" caught my attention. Congressman Jim Langevin (D-RI) and Congressman Michael McCaul (R-TX) wrote the piece out of concern about foreign threats to our information technology systems and made some suggestions on possible improvements. Although not in total agreement, I do think they make some excellent points.

First, however, I feel the need to comment on the emphasis on foreign threats.  Putting the argument in terms of a "foreign" threat smacks of sensationalism and xenophobia.  If an American hacks my computer and steals my personal information I find no comfort in the fact that the thief wasn't a foreigner.  Cyber security is an issue of real significance.  Let's not trivialize it with sensationalism.  The bottom line is that a threat to cyber security is an important issue regardless of where that threat originates.

Langevin and McCaul get to the heart of the issue nicely when they say:

"Our national leaders have been far too slow to understand the scope and significance of this threat. America's laws for cyberspace are decades old, written for primitive technologies in a less-connected era. Our bureaucracy is organized for an industrial age. We are not prepared to meet the threats of the 21st century."

They then make a suggestion with which I whole-heartedly agree:

"We would begin by announcing a national cyber doctrine, declaring the cyber infrastructure of the United States to be a national security and economic asset that requires protection using all instruments of national power —diplomatic, economic, military, law enforcement and intelligence."

In a previous post I had suggested that President-Elect Obama's new CTO role address the issue of data security and use the bully pulpit to frame the debate on this and lead the way based on sound technical reasoning. Although we agree in principle, I'm not sure that I'm ready to sign up for Langevin and McCaul's specific suggestion of creating a National Office for Cyberspace. Their reasoning is that "many people and agencies are responsible for securing pieces of cyberspace, but nobody is in charge of the overall vision." While this is no doubt true, I'm not sure adding another bureaucracy into the mix will help.

As they indicate, there are already people and agencies in place to deal with this important issue. I believe what they lack is resources and funding, jurisdictional authority, and leadership. To me it would be better to fix these issues than to start another overlapping bureaucracy. I realize that Washington often goes for the solution that appears to be doing something rather than actually accomplishing something. No doubt the logic is that it helps your re-election efforts to say you helped create a new government agency rather than getting an existing one on track to actually improve cyber security.

It is interesting to note that the title "U.S. must update laws defending against foreign hackers" would seem to imply that we need laws against this activity. This is similar to thinking laws against stealing cars prevent auto theft - if so, why do we all still lock our cars? To be fair to the authors, I don't know if they actually wrote the headline or an editor did that.

I hope this isn't the authors' thinking, and further reading into the body of the article gives me some hope. They believe that a "new collaborative regulatory model that espouses sensible regulations, combined with incentives, will result in stronger cyber security throughout the private sector." I'm interpreting this to mean they are going to work on regulations to prevent hacking from happening more than trying to punish hackers after the fact.

I would hope this office (be it the proposed new office or a reconstituted existing agency) would focus on raising awareness of the issue and getting the government and private sector to take a proactive approach to preventing hacking rather than reactive measures. Any new regulation should be aimed at encouraging this type of behavior, similar to the HIPAA and Sarbanes-Oxley regulations.

At the same time they would also do well to study the impacts of HIPAA and Sarbanes-Oxley to avoid some of their pitfalls. The last thing we need is more "security theater" similar to much of what the TSA puts us through at airports. Check out security expert Bruce Schneier's blog for a number of articles on how many of the TSA activities, while well-intentioned, are useless in terms of actually making us more secure. Perhaps we need to draft Schneier to head up this effort.

Langevin and McCaul's recommendations are part of the final recommendations of the Commission on Cyber Security for the 44th Presidency.  The fact that such a committee exists coupled with President-Elect Obama's promise to appoint a CTO are good signs that information technology and data security will get some needed emphasis in the coming years.

Please leave a comment - I'd love to hear what you think we need to do to improve cyber security.

"Hackers" photo by José Goulão

Creative Commons License 
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 License.


This is the personal blog of Michael W. Schaffner. The opinions expressed in this blog are solely mine and those of commenters. You should not infer that these opinions are the opinion of or have been endorsed by any current or former employer.


Copyright © 2006, 2007, 2008, 2009 Michael W. Schaffner. You may copy or quote sections of this blog if you provide an attribution consisting of a reference to Michael Schaffner and "Beyond Blinking Lights and Acronyms" along with a hyperlink (if a web reference) to the blog posting.
