Cybersecurity Tipping Point?

While driving home last night, I happened to catch the NPR radio show, “On Point,” and a lively discussion on hacks, cyber attacks, and cyberwar. Worth a listen, here’s the link (http://onpoint.wbur.org/2011/06/01/hacks-and-cyber-attacks).This isn’t the first time I’ve heard the mainstream media approach the cybersecurity topic but it is certainly happening more frequently these days. Why? Unfortunately, cybersecurity, cyber attacks, and cyberwarfare have become very topical over the last few months because of:1. A recent string of visible hacks at organizations like RSA Security, Sony Playstation Network, Lockheed-Martin, and Google (again).2. News that China is setting up a cyber warfare unit (this is actually old news but it surfaced this week), and that North Korea is investing heavily in cyber warfare capabilities.3. A new fake AV scam that targets the Macintosh.4. President Obama and UK Prime Minister David Cameron issued a joint statement about cooperative efforts to, “better confront tomorrow’s threats.”5. The recent statement from the Pentagon that cyber attacks will be considered an act of war and that the U.S. may respond with traditional kinetic means (i.e. guns and bombs).Now I live in this world so my judgement is certainly influenced by my knowledge on these topics but it seems to me that we are rapidly approaching a crossroad. We are now experiencing the cyber equivalent of the London blitz of 1940 where we are under constant attack. At present the central targets are our money and our intellectual property. It is also pretty safe to assume that we face two very skilled adversaries, cyber criminals primarily in Eastern Europe, and organized cyber espionage primarily in China. Are we vulnerable? Big time! In a recent ESG Research survey, 77% of U.S. critical infrastructure organizations admitted to one or more security breach over the next 24 months (Note: This report is available for free download at: http://www.enterprisestrategygroup.com/2010/11/cyber-supply-chain-security-research-report/. When I say “critical infrastructure organizations,” think banks, health care facilities, water, electricity, food, fuel, etc. So what happens next? My guess is that it won’t be pretty. We are likely to see an unprecedented cybersecurity breach that scares the living daylights out of those who haven’t been paying attention. This will lead to a lot of finger pointing and likely some rash, poorly thought out legislation across the globe. This also could lead to some seriously increasing International tension. Remember that the Pentagon is already talking about guns and bombs.I am all for doing something but the time to act is now, not when the proverbial S#*t hits the fan. We need rational public/private dialogue and International cooperation, not a bunch of cyber and real Cowboys facing off against each other armed to the teeth. I may sound like Chicken Little here but I truly believe that I have reason to do so. Don’t take my word for it — listen to the “On Point” discussion or ask RSA, Sony, Lockheed-Martin, or Google and judge for yourself.