Tuesday, March 2, 2010

Investing In a Clear and Compelling National Security Strategy

This past Sunday, Mike McConnell wrote an article titled "To win the cyber-war, look to the Cold War." Mr. McConnell is a former director of the NSA and was the Director of National Intelligence (DNI) during President Bush's second term.

Mr. McConnell brings out the point:

"The problem is not one of resources; even in our current fiscal straits, we can afford to upgrade our defenses. The problem is that we lack a cohesive strategy to meet this challenge"

I am personally not convinced that resources are not an issue. I think we have a severe lack of security experts in this country in the commercial world. I would like to see a lot more invested in colleges and universities in terms of security courses and better collaboration between the three-letter agencies, industry and academia. Security must be baked in from the beginning, because if it is not, you can never go back and insert it later with any real success. Java is a great example of designing security in from the beginning.

A very interesting topic that Mr. McConnell brings up is the Cyber ShockWave simulation at the Bipartisan Policy Center.

I was disappointed that Mr. McConnell did not discuss the importance of open source in security. Security through obfuscation never works.

A statistic that puts this in context, brought out on the Wall Street Journal's blog page by Sarmad Ali, is the following:

"There were 54,640 total cyber attacks against the Department of Defense in 2008, according to the report. In the first half of 2009, the number of attacks targeting the department was 43,785. The report maintained that if the influx of incidents continued for the rest of the year, it would represent a 60% increase over 2008"

As devices get smarter and smarter, they will be subject to attacks as well.