A bipartisan think tank has so far managed to avoid being publicly shamed or taunted for a studious report detailing the incredibly obvious fact that cyber attacks pose a threat to national security. The taunts are held back only because, as ridiculous as it is to be identifying hacking as a possible security threat in 2011, it's not as ridiculous as the almost complete lack of action congress and the national intelligence agencies have taken to deal with it in the ten years since they were warned specifically about the risk of cyber-terrorism.
The Bipartisan Policy Center's National Security Preparedness Group (NSPG)'s report is actually a broad-based evaluation of the progress the U.S. government has made since the terrorist attacks of 9/11/2011 and was delivered in time for the tenth anniversary of the attacks.
Other than that, there's nothing in it that hasn't been revealed, summarized, detailed and beaten to death in the press, in academia and on the floor of Congress, not to mention regular updates in reports from the Director of National Intelligence, which detailed the role of organized crime, foreign governments and stateless terror groups.
The Pentagon's peripatetic efforts at cybersecurity and documentation of regular incursions into the bowels of its secret data have also been regular topics in the press, GAO reports and elsewhere.
The NSPG somehow managed to assume it needed to not only introduce the possibility that catastrophic cyberattack was possible, but assure its audience that the entire topic wasn't made up for TV:
"This is not science fiction. It is possible to take down cyber systems and trigger cascading disruptions and damage. Defending the U.S. against such attacks must be an urgent priority," the cybersecurity portion of the report read, in part.
More important than NSPG's late discovery of the computer is that nine of the original 41 critical security recommendations made by the 9/11 Commission (National Commission on Terrorist Attacks Upon the United States), are still incomplete. They're the important ones, too.
Defending against cyberattacks against the U.S. infrastructure "must be an urgent priority," the commission wrote.
As the NSPG pointed out, though, it was less than a month ago that a DHS report sketched out a "nightmare scenario" in which terrorist hackers attack systems supporting the U.S. electrical power grid, shutting it down for weeks, with grim results.
The NSPG's point in pointing out the obvious, apparently, was that no one has done much about it.
The 9/11 Commission recommended a "Privacy and Civil Liberties Oversight Board" that would help maintain the balance between digital espionage and eavesdropping and the rights of Americans not to be eavesdropped upon.
The board would be a key part of a project in which public and private security specialists were able to work together on an integrated – or at least coordinated – plan to secure major infrastructure systems.
The part of the eavesdropping recommendations that let law enforcement get copies of your texts, phone record or Internet access records went through right away. The part about tightening security or ensuring that civil rights aren't compromised? No progress so far.
It's only been three years since the final recommendations were confirmed by the Commission, accepted by Congress and published in book form so they could be more effectively ignored, however. Maybe if we wait a few more years something useful will happen.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.