The recent wave of cyber-attacks on American and South Korean websites raises a new kind of security issue: Do we have enough brainpower in the pipeline to counter such sabotage in the future? To put it another way: Does the United States have enough hackers of our own who can think like the bad guys?
Earlier this week, U.S. Senator Kit Bond, the Vice Chair of the Senate Select Committee on Intelligence, warned that the recent attacks demonstrated how a cyberattack "could take down our entire infrastructure":
Bond says, "It could crush our country and the world economy, which depends upon the United States as the world's leading economy. If they take us down, they cripple everybody."
Bond says well-publicized cyberattacks this month underscore the seriousness of the problem, which his committee has been studying. The recent attacks spread viruses to U.S. and South Korean personal computers, slowing them down and turning them into zombies connected to unknown sites.
The recent attacks were aimed at 27 sites in the United States, including the White House, Treasury Department, Secret Service, Federal Trade Commission and Transportation Department as well as well as the New York Stock Exchange, NASDAQ, Yahoo's finance section and the Washington Post. Eleven sites in South Korea were also targeted, presumably by hackers sponsored by North Korea.
Though the attacks were considered relatively unsophisticated, they were audacious. They jammed some sites for days. Most sites were functional by the end of the week, but we might not be so lucky if the next intrusion is more artful.
In fact, the number of cunning cyber attacks on the U.S. has been escalating:
- In April, federal officials acknowledged that cyber spies had hacked into the U.S. electric grid and left behind computer programs that would let them disrupt service, though it was not clear when the breach occurred. It was believed that the intruders were Chinese and Russian hackers.
- In March, U.S. Sen. Bill Nelson, D-Florida, who is a member of the Senate's Intelligence, Armed Services and Finance committees, said his office computers were hacked three times by "cyber-invaders thought to be inside China."
- Defense Secretary Robert Gates confirmed on 60 Minutes in April that hackers stole electronics specifications for the Pentagon's new F-35 Joint Strike Fighter project and infiltrated the Air Force's air traffic control system. He told Katie Couric, the U.S. is "under cyber-attack virtually all the time, every day."
Gates said the Defense Department plans to boost the number of cyber-experts it can train from 80 to 250 by 2011. Toward that end, General Dynamics Information Technology put out an ad in the spring on behalf of the Homeland Security Department seeking someone who could "think like the bad guy."
But finding those cyber experts may not be easy.
In the recent Top Coder Open, an international competition that is supported by the U.S.'s own super-secret National Security Agency as a way of identifying programming talent, the most skilled contestants were from China and Russia. They dominated in every category from writing algorithms to designing software components. How many of the 70 finalists were from the U.S.? Only two.
Out of 4,200 contestants, China entered 894, India 704, and Russia 380. The U.S. trailed with 234 contestants, just above Poland, which had 214 entrants. Egypt had 145 contestants and the Ukraine 128. The winner was an 18-year-old from China.
Though relatively unknown to the public, the results of the Top Coder competition raised concerns in security and software circles because it is the programming experts with math and science backgrounds that develop the algorithms and advanced software that are used in cryptanalysis, virus, and spyware software as well as Public Key Infrastructure (PKI), which is essential to securely transfer data and money on public networks on the internet.
As one security professional warned, if the U.S. does not develop more domestic software-writing talent, it could soon be outsourcing its software to the same countries that are trying hardest to break into our systems. China, for example, is widely believed to be the leading producer of malware, which can infect and cripple computer systems.
International comparisons have shown for some time that American students are being outpaced in math and science -- dropping to 19th in math and 14th in science in rankings by the Organization for Economic Cooperation and Development (OECD). When you look around, it's clear that other countries simply are making math and science a higher priority -- in China 42 percent of the college graduates are in math and science fields. In the U.S., just 5 percent are.
To its credit, the Obama administration is directing record funding to math and science education and this spring appointed a Cybersecurity Chief at the National Security Council. The recently-completed Cyberspace Security Review recommended the U.S. "must build an education system that will enhance the understanding of cybersecurity" and "expand and train the workforce to protect the Nation's competitive advantage."
What's needed now is for more state and local leaders, foundations, education organizations, teacher's groups, and school leaders to join efforts to ramp up American math and science education from k-12 to Ph.D. The U.S. must educate a workforce that is more literate in science and math to restart our economy as well as to defend against escalating cyber threats. Moving slowly is not an option.
Janet Napolitano, Secretary of Homeland Security, got it right:
This is the next great area of security for our country and it is so very important that we all get at it.