Friday, October 12, 2012

Cyber-Pearl Harbor

The “cyber-Pearl Harbor” scenario Leon Panetta spelled out yesterday was an exaggeration, but the policy changes he was calling for were the right idea. To the extent that traffic lights, rail and power switches, pipelines, drawbridges, medical scanners, and other potentially damaging equipment is connected to the Internet, it should be protected from intrusion, to a standard higher than that of the often-porous security of most of the Internet. It defies our usual intuition that a small local water system with no full-time staff may need the same kind of network security that the Pentagon employs, and this is one of the reasons Panetta is sounding the alarm bells.

Panetta specifically mentioned the financial sector. He took the recent denial-of-service attacks against international banks out of context in perhaps a misleading way, but the financial sector is an obvious target for criminals even if it seems to have held up well so far. The lax and fluid security of financial networks will eventually allow a criminal organization to bring down one of the major transaction systems. It is the credit card transaction network that is most vulnerable because of its broad reach. Sometimes I marvel how it has held up this far, after billions of identifying numbers and codes have been leaked onto the Internet or have fallen into criminal hands by other means. On any given morning there is a small chance that you could wake up to the news that you can no longer use any of your credit or debit cards except at your own bank. Or, your bank accounts could be temporarily inaccessible, as a million people in the north of Britain discovered earlier this year. It is worth taking a few moments to consider small steps you could take to minimize the inconvenience that would result.