Former NSA director Mike McConnell thinks we need to gear up for cyberwar, and he has a modest little plan:
We need to develop an early-warning system to monitor cyberspace, identify intrusions and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options — and we must be able to do this in milliseconds. More specifically, we need to reengineer the Internet to make attribution, geolocation, intelligence analysis and impact assessment — who did it, from where, why and what was the result — more manageable.
“Reengineer the Internet”? But what are we going to do after breakfast, Admiral?
Instead of funneling billions into the Department of Defense, here’s another idea: why don’t we put a tiny bit of effort into regulating all the computer-based electronic devices we’re deploying, like “smart electric meters”? We have 8 million of those in the field, and a utility company study found they contained “security failures we’ve known about for the past 10 years.”
Almost every commercial, computer-based system failure follows the same pattern: weak regulatory standards, closed-source software, reliance on security through obscurity, and shoddy engineering discovered after the fact. If we required that every widely deployed computer-based system be subject to regulation and open review, we’d close the kinds of vulnerabilities that have dogged technology like voting machines and SpeedPass.
Of course, it’s not as much fun to talk about regulation and open review of devices used by millions, mainly because you can’t talk about reacting in milliseconds, use cool code names, or refight the last war:
Ultimately, to build the right strategy to defend cyberspace, we need the equivalent of President Dwight D. Eisenhower’s Project Solarium. That 1953 initiative brought together teams of experts with opposing views to develop alternative strategies on how to wage the Cold War.