Responding to a cyber Pearl Harbor

In less unusual times the hacking of computer systems in top U.S. government agencies might have dominated the news. The act needs a prompt, vigorous response.


The drama of Washington politics, including the bumpy transfer of power between political parties, understandably has seized public attention now. And the ongoing pandemic fills nearly the rest of the news diet.

But if the United States weren’t experiencing such unusual times, the massive hacking of U.S. government computer systems might be dominating the news media. Granted, most people are pretty oblivious as to just what goes on behind the scenes as they type away on their laptops. Information flows, coming and going. They may know that internet privacy has been a concern for a while, but aren’t sure exactly what’s at stake or what can be done about it.

At least one close observer has called the hack of U.S. government computer systems first exposed last month as nothing short of a Pearl Harbor moment, a sneak attack of huge and lasting importance.

A quick review: In December, Orion management software developed by the SolarWinds company was found to have been hacked, very likely by Russian agents. Orion is used by some 18,000 clients, mostly private corporations. But among the users penetrated were U.S. government agencies, including the Department of State, the Department of Homeland Security, the Pentagon, the Department of the Treasury, and the National Nuclear Security Administration. Even Microsoft’s ubiquitous Windows and Office programs may be compromised. 

The attack apparently was launched from within the U.S., enabling it to avoid sensors set up by the National Security Agency that look for threats originating abroad.

What does “hacked” mean? Passwords, user IDs, source code, and financial records would have been exposed to view. What’s not yet as clear is whether malware has been installed that could cause future vulnerabilities, such as corrupting databases or seizing control of power grids. 

The world of software development has put a priority on rapid innovation, ease of use, and shiny new features. Security has lagged behind, the necessary killjoy. The biggest change coming out of the SolarWinds debacle is likely to be a new insistence that security take a top priority.

Solutions won’t be easy or inexpensive. Government agencies will have to cleanse their systems. Numerous questions will need answers, security experts say: What were the goals of the attacks? Why was such vulnerable software chosen in the first place? What new security standards need to be implemented? What assurances will vendors give that their systems are secure, and what penalties should be imposed for their failure?

The software used by government often overlaps with that in use in the private sector. New security standards for software the government procures could increase security for products that all Americans use.

The National Defense Authorization Act recently passed by Congress contains some provisions that address cybervulnerabilities. And this week the FBI, the Cybersecurity and Infrastructure Security Agency, and other agencies joined forces to try to get a handle on a problem so pervasive that no one agency can cope with it.

The incoming Biden administration will have to act quickly. President-elect Joe Biden faces a list of formidable challenges that need immediate attention, headed by the pandemic and its economic fallout. But cybersecurity now must be high on the list too.

https://www.csmonitor.com/Commentary/the-monitors-view/2021/0106/Responding-to-a-cyber-Pearl-Harbor