Shielding Cyber-Space

Protecting the nation’s roads, bridges and phone systems has been a top priority since the dawn of the Cold War, when leaders realized how vulnerable those critical infrastructures were to nuclear attack.

No one has paid much attention, however, to protecting the nation’s computer networks from hackers and cyber-terrorists. That’s alarming because, as National Security Advisor Condoleezza Rice puts it, “the cyber-economy has become the economy.” Commerce on the Web amounts to about $2 million every minute.

There are about half a billion Internet users in the world. “Some of them,” says Richard Clarke, President Bush’s top cyber-security advisor, “are up to no good.” Indeed, malicious hackers are striking with ever-increasing sophistication, causing ever more severe losses, Clarke says. As evidence of the growing threat, he points to a CNN report last year that showed a house in Pakistan run by an Al Qaeda cell devoted solely to training for cyber-warfare and hacking.

The nation’s latest and loudest cyber-alarm went off three weeks ago when the Sapphire worm (a.k.a. SQL Slammer) paralyzed Windows Web servers, shut down most of Bank of America’s 13,000 cash machines and overwhelmed the 13 “root” servers that handle Internet traffic. Airlines delayed or canceled flights. Major companies sent workers home. Canada put off a national election.

Six days after the worm struck, Clarke announced that he would step down at the end of this month. In an e-mail simmering with frustration, he recounted how computer system administrators had failed to take obvious steps to thwart the cyber-predator. “The Sapphire worm,” he wrote angrily, “was essentially a dumb worm that was easily and cheaply made.... With slight modifications, the results of the worm would have been more significant. More sophisticated attacks against known vulnerabilities in cyberspace could be devastating.”

Free-market competition will solve part of the problem, as companies scramble to sell “patches” to plug chinks in a computer’s coding armor. But the government should require the industry to install basic protections, including standardized anti- virus scanning. “You don’t ask people to filter their own water or maintain air quality,” one security expert says. “So why force them to seek out protection for their computers?”

On Monday, corporate executives swarmed Capitol Hill to try to dissuade lawmakers from imposing cyber-security on industry. Legislators shouldn’t give in to their pressure. The nation’s computer networks are not as obviously vulnerable as bridges, skyscrapers and power lines but they need protection.