Worm Poison

Alarm bells began clanging on Capitol Hill last week about yet another potential threat to national security: cyber-terrorism. As a government panel testified last week, the protections for the networks of U.S. agencies and businesses are “riddled with weaknesses.” A cyber-terrorist attack would not carry the shock and carnage of Sept. 11. But in this information age, when computers run everything from power grids to flight systems and stock markets, such an attack could be more widespread and just as economically destructive.

There is no public evidence that terrorists are planning cyber-attacks, and some of the experts who warn of digital doom may be trying to drum up business for themselves, as some computer security consultants did by exaggerating the “Y2K” computer threat in 1999. But there’s no denying a dramatic rise in cyber-attacks in recent months.

As Joel C. Willemssen of the General Accounting Office told Congress last week, cyber-attacks in the last two months alone have “affected millions of computer users, shut down Web sites, slowed Internet service and disrupted business and government operations. They have already reportedly caused billions of dollars of damage, and their full effects have yet to be completely assessed.”

For instance, in July the “Code Red” computer worm infected thousands of government computers, forcing the White House to change its Web site address to avoid the worm, compelling the Pentagon to briefly shut down its public Web sites, infecting the Treasury Department’s Financial Management Service and delaying FedEx package deliveries. Cyber-attacks are growing not only more frequent but more sophisticated. While it took several days for the Code Red worm to infect government computers three months ago, the “Nimda” worm that infected more than 100,000 government and business computers two weeks ago managed to destabilize networks within hours.

The White House appears set to respond. Administration officials have said President Bush will create an office of cyberspace security as early as this week. Bush’s reported choice to head the new office, Richard A. Clarke, an advisor in both the Clinton and the Bush administrations, has long backed security measures similar to those that the congressional commission, headed by Virginia Gov. James S. Gilmore, proposed last week. Congress should help implement these particularly urgent recommendations of the commission:

* Increase staffing at the government’s cyber-terrorism monitoring center and move it from the FBI to an agency like the one that Clarke would be heading. Currently, the center is so understaffed it cannot investigate cyber-attacks around the clock, even though Clarke has said several nations have created “information warfare squadrons ... to bring down computer networks.”

* Fund college scholarships to fill the near void of highly trained experts in the field.

* Urge businesses to frequently update anti-virus software in their Internet-connected systems (only about 10% do so today).

* Create a “cyber-court” of attorneys to ensure that beefed-up Internet monitoring does not compromise Americans’ right to privacy.

The government is not at the front of the pack in computer security. It should be. Bush is right to bring cyber-security under one roof, with a leader who understands the urgency of protecting the backbone of commercial and public transactions.