A cyber attack launched from cell phones that takes down the U.S. power grid makes for a sexy movie plot, or to be precise, a cable-TV pseudo-documentary. The quotidian struggle to contain daily attacks on U.S. network infrastructure, the theft of credentials, data, and code–not so much.
So it’s not too surprising that the calm and reasonable, but still chilling Feb. 23 testimony of James A. Lewis of the Center for Strategic and International Studies before the Senate Commerce Committee did not get a lot of attention. But it should have.
“We talk about cyber attack and cyber war when we really should be saying cyber espionage and cybercrime,” Lewis told the committee. “Espionage and crime are not acts of war. They are, however, daily occurrences on the internet, with the U.S. being the chief victim, and they have become a major source of harm to national security. The greatest damage to the U.S. comes from espionage, including economic espionage. We have lost more as a nation to espionage than at any time since the 1940s. The damage is usually not visible, but of course, the whole purpose of espionage is not to be detected.”
Lewis was testifying in support of the Cybersecurity Act of 2009, a controversial measure sponsored by Sens. John D. Rockefeller IV (D-W. Va.) and Olympia Snowe (R-Me.) that would give the government enhanced powers to deal with attacks on networks.
He challenges the Internet’s founding utopians as well-intentioned but hopelessly naive: ” Cyberspace is not a global commons. It is a shared global infrastructure. There is rarely a moment when a collection of bits moving from one computer to another is not actually on a network that someone owns and that is physically located in a sovereign state…. Cyberspace is in fact a more like a condominium, where there are many contiguous owners.”
Lewis’ call from stronger national controls and regulation of security on networks will be unpopular with business interests, small government advocates, and open networks activists–and otherwise unlikely coalition. But face with growing evidence of increasingly serious and professional attacks on networks, it may be time to lay ideology aside and consider some serious defensive action on a scale the provably only government can mount.