IDG News Service - The U.S. government, if confronted in a cyberwar today, would not come out on top, a former U.S. director of national intelligence said Tuesday.
"If the nation went to war today, in a cyberwar, we would lose," Mike McConnell told a U.S. Senate committee. "We're the most vulnerable. We're the most connected. We have the most to lose."
McConnell, director of national intelligence from 2007 to 2009, predicted that the U.S. government would eventually get heavily involved in protecting cybersecurity and in regulating private approaches to cybersecurity. Testifying before the Senate Commerce, Science and Transportation Committee, McConnell also predicted that the U.S. would make little improvements in its cybersecurity before a "catastrophic" attack will cause the government to get involved.
"We will not mitigate this risk," said McConnell, now executive vice president for the national security business at Booz Allen Hamilton. "We will talk about it, we will wave our hands, we'll have a bill, but we will not mitigate this risk."
After a major attack, the government will step in to secure the Internet, McConnell predicted. "We're going to morph the Internet from something that's referred to generally as dot-com to something that we call dot-secure," he said. "When [online] transactions move billions of dollars, or when transactions route trains up and down the East Coast or control electric power ... the basic attributes of security must be endorsed."
Government intervention is needed, added James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies, a Washington, D.C., think tank. Private-sector fixes to the nation's cybersecurity problems haven't been effective, he said.
The Internet was designed as a global commons that polices itself, but that model has failed, Lewis added. "Instead, we've got the Wild West," he said. "Many will say we should let the market fix cybersecurity. I'm familiar with this one, because I, myself, wrote it in 1996, and I'm still waiting. Government needs to give the market a kick."
Early last year, Senators Jay Rockefeller, a West Virginia Democrat, and Olympia Snowe, a Maine Republican, introduced a bill that would create new cybersecurity regulations for private companies designated as critical infrastructure. The senators have rewritten the Cybersecurity Act several times after complaints from the private sector, but the bill would also require a national licensing and certification program for cybersecurity professionals. Under the bill, it would be illegal to provide some cybersecurity services without being licensed and certified.
Some versions of the bill would have also allowed the U.S. president to order that parts of the Internet under attack be shut down.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
