October 21, 2012, 7:57 AM — Last week Defense Secretary Leon E. Panetta presented his case for an invasive system to monitor the nation's private systems in order to better identify and respond to cyber threats.
Panetta correctly points out that the likelihood of a 9/11 scale cyber attack is real-and if something isn't done, large sections of the U.S. infrastructure could fail. He uses as an example the successful attack on ARAMCO, a Saudi Arabian state owned oil company, which wiped 30,000 computers, causing massive data loss and rendering them temporarily useless.
News: Future Cyber Attacks Could Rival 9-11, Cripple US, Warns PanettaGet the latest IT news and analysis from Constantine von Hoffman's IT Security Hack blog
The proposed remedy is to provide the U.S. government with broad access to private systems so that malware can be quickly identified and removed and other national threats identified and stopped. The problem is that such access creates privacy issues and may itself be a bigger problem than the threat it attempts to eliminate. Not only is the requested change unlikely to happen any time soon, it may increase the potential for either a domestic or foreign cyber attack.
Central Network Eliminates Natural Protection
One hidden benefit in the fact that our systems often don't share information well or have a common security structure is that attacks against infrastructure therefore have to be tightly targeted. This means an attack on one private or public system probably won't even work on most others, since they run a variety of different security packages, operating systems and applications, all surrounded by different policies.
One of the reasons we haven't yet had a repeat of 9/11-that is, an attack that reaches catastrophic levels-is because these systems just don't interoperate very well or share information at a low level. The amount of work to carry out such an attack currently exceeds the resources of the attackers.