Business is Booming—That’s a Big Problem
Just this morning the Institute put out a new Hack and Patch Dispatch about the Microsoft “Browse Slave” vulnerability. Today, we were about to blog about the hack of the e-Health system in the UK—with the push towards e-Health in the US, the need for next generation security in such a system is a major theme for us. However, before we could do so, the news is awash with stories about the latest cyber attack, likely North Korean, against U.S. government websites.
Summer in Washington is supposed to be slow—lazy, hot and awfully humid days spent watching the Nationals lose yet another one-run game, wishing the beach were two hours closer and taking the Founding Fathers’ names in vain for not picking bay-front Annapolis instead of swampy DC to house our government. But, sadly, business has never been busier for the Institute. Therein lies the problem.
In all candor, with all these inherently insecure systems being constantly compromised it is all but impossible for us to keep up. Where do we focus our attentions? Do we hammer the latest attack against our government IT systems? This attack, yet again, shows that our nation is unprepared for the cyberwar—or more accurately low-grade conflict—we are now facing on multiple fronts. Do we focus on the rush to create an e-Health system that will leave the nation, and all of us as citizens, consumers and patients, vulnerable and at real risk? Or do we draw attention to the latest hack and patch of the Microsoft system, clearly demonstrating that the IT system that nearly every American relies upon is inherently flawed from a security standpoint? Rest assured, by the time I write this blog there will be yet another attack, vulnerability, worm, flaw, gap, and cyber horror.
However, the attacks will not stop until someone makes them stop. They won’t stop until the Obama Administration gets tough on cybersecurity. The President is to be applauded for his focus on this issue. But a budget-less, fang-less cyber coordinator isn’t going to force change. That said, it is a start. Nonetheless, the only way things will change is if change is driven—top down from the President, and bottom up from all of us.
Just as early environmental law forced the car industry to meet aggressive, at the time out-of-reach, fuel efficiency standards. Just as Kennedy charged the public and private sector to go to the Moon: “We . . . do [these things] not because they are easy, but because they are hard, because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one which we intend to win, and the others, too.” Just as consumer demand for healthier products now has McDonald’s offering salads and fruits.
We need to force a new cybersecurity paradigm. We have to provide incentives and mandates to encourage, cajole, and yes even compel, the IT world—from innovators to integrators to users—to seek a new course. This next generation of IT needs to be based upon inherently secure technologies, not the hack and patch technologies of today. This will require a bold departure. However, it is long overdue.
That said, I need to go focus on a new report from Oracle that says consumers don’t trust ecommerce security—I can’t imagine why.