After a three-year study, a panel of former military leaders and IT professionals from the National Academy of Sciences reported that the US has no clear military policies for cyberattacks. Notwithstanding a recent blog about the NSA exceeding its authority to intercept email, we are not much safer from cyberattacks. One would have to live under a rock not to have noticed the significant number of system breaches. As a matter of fact, as pointed out in other blogs, LexisNexis just warned 32,000 individuals that their personal information may have been improperly accessed in a credit card scheme as far back as 2004.
Proposed Federal Legislation to Update FISMA
The US Congress will be considering an update to FISMA (the Federal Information Security Management Act) called the "U.S. Information and Communications Enhancement Act of 2009." This proposed Act will create hacker squads to test the defenses of agency networks, and the agencies will be required to show how they can effectively detect and respond to cyberattacks. Currently there are only about five federal agencies that conduct this type of testing.
Cyberattacks From Within
A former Sysadmin (System Administrator) recently pled guilty to a charge of cyber extortion for threatening his former employer, and faces up to five years in prison and a fine of $250,000. After the Sysadmin was terminated last year, he complained about the severance and threatened to cause extensive damage to his former employer’s systems. Apparently he left many back doors in the systems he managed that allowed him to enter and cause havoc, which of course, as a Sysadmin, he had the authority to do.
How Safe Should We Feel?
Hopefully the US will get control of cyber security, because it seems patently obvious to the most casual observer that at this time the US is extremely vulnerable. Maybe the US should be spending $19 billion on cyber security rather than on Electronic Health Records (EHR), since the US is so dependent on the Internet today and that dependence will only increase. Cyber safety is more critical than EHR.