Cyber security - The forgotten protection
by State Representative Frank Corte Jr.
Did you know that October is National Cyber Security Awareness Month? An element of security that often goes forgotten is that of our computers and automated operations. Cyber Security, as it is called, has many different elements and is an ever-changing realm that most people find difficult to understand. Computer security experts are in short supply in a high-demand field and therefore can be a very expensive element to an overall secure environment. This can especially be tough on governmental agencies, which often pay relatively low wages. Given the critical nature of the consequences of failure to protect computer infrastructure, Federal, State and Local governments, as well as private industry, must not shy away from this daunting task, but rather find innovative and cost-effective solutions to provide this critical element of security.
Threat - The threat that we face to brick-and-mortar infrastructure is one that we have embraced wholeheartedly as a nation, spending billions of dollars securing access points, adding patrols and increasing surveillance. These threats are obvious to most and the changes are absolutely essential. The threats to our automated processes and our database infrastructure are slightly more nebulous, yet the consequences of their failure can be as devastating as almost any single explosive. Vast electronic central nervous systems control much of our invisible and visible infrastructure, including the electrical grids, telecommunications networks, banking systems and water/wastewater treatment plants.
While the programs, languages and operating systems are still difficult for many to understand, over the next several years more and more people around the world will continue learning about computers, and the inner workings of these programmed machines will become more familiar to the masses. While Americans remain some of the most computer-literate workers in the world, there is a very large trend of exportation of our technology overseas, including to Middle Eastern and Asian countries. These citizens have had an explosive influx of education and OJT in terms of computer systems, and specifically American uses of them. While there is certainly nothing wrong with this trend, it does show that the cyber world has no borders, and it is important for us to understand that anyone with the knowledge, from anywhere in the world, has the potential to breach our most critical infrastructures.
There is a misconception that suicide bombers, and terrorists in general, are uneducated and desperate low-income individuals; however, this couldn't be further from the truth. While there are obviously some foot soldiers that fit this mold, the leadership of attack planners and the recruiters have proven time and time again that they are very intelligent. Additionally, they have always used computers and other technology sources as a primary vehicle to communicate. In fact, the terrorists that pulled off the attacks of 9/11 were highly educated and instructed in very complex aircraft systems. This misconception needs to be overcome for us to fully know our enemy.
We have seen computer hacking attacks increase in number over the past several years, and there is no reason to think that this trend will change; the knowledge and access are clearly available to those who would wish us harm. The question then becomes, "What can we do?" Unfortunately, with millions of different computer systems and networks, many entities and organizations in all sectors have gravitated to singular systems of protection that have caused a fragmented approach to security. Many organizations have made big strides to back up their data and store it off site; however, this only addresses the recovery side of the equation. Even large organizations, such as the State of Texas, have not implemented coordinated threat detection and response efforts. In fact, each agency is responsible for its own network security. While most state agencies have worked diligently to secure their networks, the fragmented approach promotes a "weakest link" environment, where one agency that provides less than adequate security can threaten access to the rest of the networks. Additionally, this approach leads to higher costs and less protection for the price.
During the 79th session, I authored, and the Legislature passed, House Bill 3112 to address this issue. As the State begins the trend of consolidating networks, the Department of Information Resources will provide coordinated 24 X 7 protection of the networks by security experts who have access and coordination of all the consolidated systems. A Network Security Center will be established and this Center will have responsibility for immediate detection and response in order to block unauthorized access and, in case of a breach, to snuff out the problem for everyone on the system to reduce damage and speed recovery efforts.
This center will also be authorized to contract with other entities outside of the State to provide security to other local entities, including water districts and electrical systems. In addition to the money savings resulting from consolidating security efforts, other entities buying into these security measures will provide additional cost maximization to taxpayers. There will be up-front costs to get the Center going; however, the associated savings, including a reduction in production downtime, make this investment very cheap to the State. Additionally, the security of the vast networks and databases will be immensely improved and the threat of a terrorist attack, or even a simple database hack, will be greatly reduced.
Outside of state government, many organizations and local political subdivisions have facilities dispersed in various locations, including a fragmented system of computer network security. Given the rapidly changing world of technology, I would urge everyone to take a fresh look at their cyber security systems to ensure that they are adequate to block 2005 attacks, not only those from years past. Consolidation of systems with other agencies or organizations can be an effective and cost-efficient way to leverage security efforts. Establishing cross-sector coordinating groups to learn and implement best practices and standards can also be an effective way to communicate outside of your box. You will also want to ensure that internal access policies among employees are well understood and followed diligently. Finally, practice cyber attack scenarios in either a tabletop exercise or a real-time red-teaming environment to ensure that your systems are adequate and to ensure that your recovery systems are efficient.
Obviously, given the vast dependence on cyber technology and the industrial growth around the world, security of our cyber infrastructures continues to be of the utmost importance to every sector of our economy. Terrorists, as well as the 15-year-old hacker, have the ability to do extreme damage to facilities, databases, electrical systems, water supplies and even to our individual daily life. This Cyber Security Awareness Month reminds us all to consider our own cyber security protections and address any weaknesses that become evident. Ultimately, communication between all sectors will help us understand what risks are present, what structures are available to address these threats and what practices are working to avoid this critical threat.
Rep. Frank Corte Jr. is a seventh-term Republican State Representative from San Antonio. He is a colonel in the Marine Reserves and makes a living in real estate and property management. He is the Chairman of the House Committee on Defense Affairs and State-Federal Relations, which has jurisdiction over Homeland Security in Texas, as well as Emergency Preparedness and Response and military/veteran issues. Rep. Corte is also a member of the Homeland Security Council, which advises the Governor on establishing a statewide homeland security strategy. He has also authored several forward-thinking bills that have served as model legislation around the nation. His work in Cyber Security and Homeland Security has led to major changes in policy across the State.