A privately owned Russian technology company has discovered a cyber attack virus on hundreds of computers across the Middle East- the majority of which are on Iranian industrial computers. The nature of this virus appears to be aimed at espionage- it secretly activated cameras & microphones- even having the ability to access data from Blue Tooth units casually laid near the infected computer. This virus also has the ability to be directed by its makers- all new features in cyber attack technology. The complexity & size of the virus indicates that the creators of the virus needed at least 10 months to a year, a fat bankroll and a good-sized staff of programmers to be developed. This points toward a government sponsored development or large-scale corporate crime, the former being the most viable theory. Of course, Israel comes to mind- and it is not denying the charges.
After we cheer for Israel, we must become serious once more and ask ourselves, “But what does this mean for the United States? How will this cyber attack affect the Joe Lieberman Cybersecurity & Internet Freedom Bill which is being evaluated in the Senate now? How should the United States protect itself against such an attack?”
Having worked in large-scale computer systems development for over 11 years, I can tell you one thing: the answer is not and can not be more centralization of systems development. The answer lies in diversity of technology, not standardization of it. Let us examine exactly why this attack was possible and how it was detected and how it will be dismantled.
1) The attack focused on technology known to the attackers. The programmers who created the virus attacked and tweaked software they knew about- everything from computer cameras, Skype, Blue Tooth, Internet Explorer, etc. Knowing the technology helped them to turn their functionality into spy vehicles.
Conclusion: The less variety of technology we use, the easier it is to ‘know’ the programming inside and out and hence, the easier it is to attack. VARIETY & the constant release of new versions are the best defense.
2) The virus took tremendous resources & time to develop (this is a direct result of the great VARIETY of software & hardware that needed to be ‘beaten’ by the virus). That is a good thing for the United States. Our enemies today are not other countries around the world. Our enemies are small groups of individuals who must change location often, who lack large facilities as a result of this movement and who do not have massive funds, lots of time and many programmers in one place developing this type of virus.
Conclusion: Only large groups can create viruses on this scale. They take a long time to develop. Terrorists are not large and they do not have lots of time. We need not fear this type of attack from terrorists.
3) A private technology company discovered the virus- not a huge governmental bureaucracy. This is exactly predictable. I have worked alongside many monolithic telcoms around the world- they are extremely slow to react to technological issues. Their infrastructure is laden with human politics, their processes are convoluted from decades of uneven growth, and their technology has been built upon old technology for so long that no one even understands what a third of the systems do anymore. And they are afraid of touching it lest the entire system stop functioning. We used to call these systems, “V’Ger”- think Star Trek.
Conclusion: the larger the organization, the slower it reacts to technological change. The smaller the unit, the faster it reacts to technological change. That is why ‘hackers’ and developers of groundbreaking technology tend to be scrawny youngsters in garages. Governmental standardization & centralized control will kill variety & innovation and will thus lead to increased danger from cyber attacks from terrorists in America. Exactly the opposite of what Lieberman’s bill proports to do.
4) I guarantee you that it will not be the Iranian government that will develop the anti-virus for this attack. It will be a privately owned consulting company that will do it. The programmers will not be old timers, entrenched in the system or long time civil servants whose job is guaranteed forever- it will be youngsters, hungry for success & fame. And I’ll bet you a million dollars that they get paid for performance, not for merely showing up.
Conclusion: Defending against a cyber attack is best done with small, private, motivated companies that employ hungry, performance based programmers. NOT a monolithic government bureaucracy that takes forever to make a single decision. Giving our government the task of defending against cyber attacks would be the complete opposite of the correct solution.
Joe Lieberman’s Cybersecurity & Internet Freedom Bill is the exact opposite of what we need in America to protect against terrorist cyber attacks. Terrorists are incapable of this type of mega-virus. They are only capable of small cyber attacks. We need many small companies who can react quickly to the kinds of cyber attacks terrorists can create. They can clear these types of viruses almost instantly. In fact, we already have them- they are the anti-virus software companies we see everywhere.
Only countries could attack us in this way. We have a military that can protect us if we are attacked in this way. Please remember that our military & critical government functions are NOT using the Internet- they have a completely separate set of communication cables, satellites, and towers that are top-secret. An attack via the Internet would not touch them. So if a major country attacks our internet in a catastrophic way, then we would consider this an act of war and deal with them accordingly- with guns & tanks. Countries are highly unlikely to attack us in this way unless they want war with the best equipped military in the world.
Do not give in to the knee jerk reaction the Progressives are hoping you will have. Do not support the government take over of the entire technology industry. It will lead to only one thing: full control of the American population and zero added security from terrorists.