As we approach the fifth anniversary of the terrorist attacks on America, the thing to do is ask, “Are we any safer today than we were on Sept. 11, 2001?”
There are plenty who would argue we’ve improved our nation’s security, and just as plenty who say we’ve got a long way to go.
However, when it comes to the security of America’s network infrastructure, the interoperability of its communications networks and the overall security of networks everywhere, I have one clear answer: absolutely not.
Just two months after the attacks, internetnews.com reported on an ITAA poll that stated, “More than 70 percent of Americans don’t have much confidence in the government’s ability to adequately protect against attacks on the Internet and computer systems.”
Six months later, the Business Software alliance polled corporate IT managers for their views on the security of government networks. The results showed little faith in U.S. preparedness.
By a margin of 10-to-one, IT managers were more likely to say government security measures are “not at all” adequate than “extremely” adequate. More than 70 percent of those polled felt there was a gap between the government’s preparedness and the threat of cyber attack.
Five years later, it’s hard to imagine they feel any more confident.
As documented by the sad parade of embarrassing, almost weekly stories coming out of Washington, our government can’t even protect the personal data of the men and women who are fighting the war on terrorism.
The sour cherry on top of that news is the annual network security scorecard issued by the Government Accountability Office (GAO).
As recently as March, the Department of Homeland Security (DHS) got an F on its annual GAO network security test.
This is hardly surprising, though, since the largest bureaucracy in the history of the United States has flunked the test every year since the DHS was created in 2002.
Over at the Pentagon, the Department of Defense slumped, so to speak, to an F after outpacing most other federal agencies with D’s in 2003 and 2004.
The private sector, you ask? Please.
The companies that control the vast majority of the networks in the U.S. prove almost daily they are incapable of protecting their own data, much less the underlying security of their systems.
In the months following 9/11, the private sector largely opposed information sharing about network threats because of fears that the information would eventually become public.
Collaboration? Cooperation? Forget about it.
The end result of all this crawdaddying by the private sector’s bold post-9/11 talk of protecting America is President Bush’s National Strategy to Secure Cyberspace report, otherwise known as the plan that wasn’t.
The White House spent 17 months after 9/11 crafting a cyber security scheme that largely concluded more IT training and certification might be helpful.
Congress, for its part, decided in 2005 to raise the profile of cyber security by creating the position of Assistant Secretary of Cyber Security within the DHS. A year later, the de facto cyber czar position sits unfilled.
Last December, the Cyber Security Industry Alliance (CSIA) finally ripped both the Bush administration and Congress for their efforts on cyber security.
“Currently, there is little strategic direction or leadership from the executive branch in the area of information security,” said Paul Kurtz, CEO of the CSIA.
“Ensuring the resiliency and integrity of our information infrastructure and protecting the privacy of our citizens should be higher on the priority list for our government.”
Kurtz added, “CSIA believes the government has a responsibility to lead, set priorities, coordinate and facilitate protection and response.”
But it has not.
Perhaps most tragically is the failure of public officials to follow through on promises of first responder communications interoperability.
On Sept. 11, telephone lines were cut, and communications came to a standstill. Indeed, the one part that held up a communication medium was the Internet.
Yet, the security barn doors are wide open and need bolstered to protect us from a cyber attack.
In God we trust. All others please check in at the latest U.S. security vulnerability.