Pierluigi Paganini March 25, 2012

For years, we have discussed the importance of appropriate cyber strategy and the necessity to preside over the main critical infrastructures to defend them from cyber threats of any kind and in our imagination we have always considered the US as a country at the forefront.

While the cyber security experts analyze the progress made ​​in countries like Russia and China and emerging realities like India and Iran, they alert us regarding the vulnerabilities of the main U.S. structures.

This time to worry U.S. security experts is the state of its computer networks that have been penetrated by foreign spies several times exposing sensible information. The success of the cyber attacks, according the declarations of the network experts, is due the US infrastructure status that are protected by obsolete defense systems unable to fight against continuos incursions.

Speaking before the Senate Armed Services Subcommittee on Emerging Threats and Capabilities the experts told the assembled Senators that the U.S. government needed to abandon the notion that it could keep outsiders off its computer networks.

Very meaningful the worlds pronounced by Senator Rob Portman member of the Emerging Threats and Capabilities subcommittee:

“We can do things to make it more costly for them to hack into our systems…,”
“but you didn’t say we can stop them.”

A clear message that expresses the awareness of the threat and impossibility to defeat it in the short term. The only feasible goal right now is trying to mitigate the threat reducing the intrusions, the experts report that US are under a massive attack that day fails to penetrate defenses raised to the protection of the infrastructures.

What are the reasons of what can be considered a major failure in relation to huge government investment?

• The absence of a cyber strategy that balances the harmonic aspects of cyber defense and cyber offense. In the last couple of year more has been done, by we are far from a really efficient implementation of a cyber strategy, too many structures in the country are still vulnerable. Consider also that historically has been wrongly considered the cyber offense more important than defense.
• A not profitable use of resources for the permanent cyber warfare. The U.S. expenditure is among the highest in the world, there are no precise figures, but the results are objectively questionable. Most factors likely to affect the costs in the matter, procurement and investments, are influenced by companies able to interfere on the government decisions, with obvious consequences.
• The shortage of skilled resources in the field. In this connection it is to be remembered that while in countries like Iran and China the young are educated on cyber security field and the new disciplines are encouraged by the central government, such policies are not pursued in the West.
• Inability of government agencies competent to attract resources from the private sector.

“The production of computer scientists is on the decline,”  “We are not recruiting and retaining them… I am concerned also that the investments from the Congress and the people is almost all period of performance of one year or less. It’s to build tools. It’s to be a rapid deployment of capability. I rarely get the opportunity to think 3 years down the line even, in research. The money that comes to us has a very directed purpose… I feel the nation is frightened to think much beyond one or two years.”

The global scenario is very worrying, every day we read of attacks through computer systems that could have serious repercussions at any moment. Do not forget that an attack on critical infrastructure could result in the loss of many lives, and it is a matter of time, but sooner or later this will happen. Statement as those that prompted me to write this article are disarming, demonstrate that the investments were completely wrong. Attribute the success of the attacks by foreign governments to the fact that US are using obsolete systems is reductive, behind the failures there are innumerable poor choices and the application of non-functional models. America is advanced on cyber context, and his statement should give everyone idea about the real state of security of many countries of the world. Trigger a global conflict in cyber space could have an effect in the real world no less than that of a global nuclear conflict.

Persist in offending the opponent, not being responsible for addressing a ready response, is very dangerous. Soon we will be invaded by cyber weapon escaped to the control of designers and adapted for other purposes by cyber criminals, hostile governments and hacktivists … and then how will defend ourselves?

Pierluigi Paganini