If you've seen recent headlines about cyber attacks, you've had to consider some troubling questions: How real is the threat? How serious are the consequences? How prepared are we?
In a recent speech, U.S. Secretary of Defense Leon Panetta described a dire scenario--a "cyber Pearl Harbor". He outlined what would happen if a coordinated cyber attack derailed trains filled with lethal chemicals, shut down air traffic control screens while thousands of planes were in the air, and brought our financial trading systems to a standstill. In the blink of an eye, the world would become a bleak place.
Unfortunately, scenarios like these are backed up by the facts. And we're not as prepared as we should be.
A clear and present danger.
Cyber warfare isn't just a future threat; it's happening right now. On August 21st, the Huffington Post Fact of the Day highlighted a 680 percent increase in cyber security breaches against the federal government in the last six years. A recent, blatant attack by the Chinese on sensitive Google networks--which followed other attacks on the New York Stock Exchange and the Pentagon--has led to escalating concern about our cyber security. Concern isn't the only thing that's growing: In fiscal 2011 alone, Washington spent $13 billion to protect information technology from attack. And this number doesn't include the amount spent in the defense budget to increase digital warfare capacity.
And the U.S. isn't just concerned about cyber defense; many are exploring the offensive potential of cyber attacks. The New York Times reported that the U.S. debated using cyberwar tactics in Libya, with the goal of disabling Libyan communications networks and preventing their early warning systems from detecting NATO warplanes.
Other nations have been the targets of cyber attacks as well. The best-known salvo in the cyber wars was Stuxnet, a computer virus that attacked Iranian nuclear centrifuges. But Stuxnet has morphed into Flame, Gauss, and Duqu--all variants of the Stuxnet code. Flame and Gauss were targeted at the Middle East, capturing personal data and invading bank accounts in Lebanon, while Duqu appeared to be aimed at power plants and oil refineries.
Cyber warfare takes many forms, and its impact is far reaching. To preserve our security, we need IT professionals who are up to the challenge.
A new kind of war needs a new kind of "army."
So how do we prepare for cyber war? Past wars involved recruiting young men to fight in foreign lands. Now the enemy is in virtual space and must be fought everywhere. In previous conflicts, we needed soldiers who were tough enough to succeed in battle. But physical strength is no longer a requirement; instead, the fight requires a sophisticated knowledge of computer security and code. Cyberwar has different requirements--requirements that we can meet by capitalizing on things we already have in place. Here's how:
- Increase the number of IT professionals with security certifications. Information-security credentials like the CISSP® and CISM® represent the minimum level of training that cyber security warriors will need. And it's the key place to begin. IT Trainers like InfoSec and Secure Ninja are the boot camps where cyber warriors gain the fundamental skills for battle. For those who want to go beyond, intensive college and university programs are the next step. At some institutions, certificate holders can earn credit for prior learning for the certificates, streamlining their path toward a degree.
Building the skills. Finding the will.
In the U.S., we have the people, the talent, and the technology to meet the cyber security threat head on. Now we need the will to recognize the size of the challenge--and leaders willing to transition our current military spending to this new way of preparing those who will defend us.