Howard Schmidt, (ISC)2 security strategist; former cybersecurity adviser to the White House
Howard Schmidt, (ISC)2 security strategist; former cybersecurity adviser to the White House

The U.S. should engage with the world to combat cyberthreats, says Howard Schmidt.


Our world has changed quickly, and technology now underlies virtually everything we do. This is not only true for us as individuals, it is true for our governments as well. Our nation's security, public safety and financial infrastructure rely on an intricate and interconnected foundation of robust information technology. Increasingly, this national cyberspace infrastructure is under constant attack from sources known and unknown.

 

While citizens are busy dealing with security measures at the world's airports to protect against terrorism, the number of computer attacks reported by government agencies has soared nearly 260 percent in the last three years. For 10 years, the federal government's information systems and critical infrastructures have remained a “high-risk” category.

 

These dangerous findings are even more sobering considering that the problem is international in scope. As our global interconnectivity increases, so too does the ability of an attacker to spread damage from Eastern Europe to the West Coast with the click of a button.

 

Cybercrime often doesn't get a lot of attention outside of the technology industry and many of us feel that it should. The economic impact of a serious cyberattack on our critical infrastructure has shown in the past that the impact could be global in nature in a short period of time. A published experimental exercise attack carried out by the Department of Energy last year reportedly caused a generator to self-destruct. The government economist brought in to project the damage of a similar attack on a larger scale put the price tag at $700 billion. To put this in context, the economist said that would be the equivalent of 50 hurricanes like Katrina hitting at once, causing more economic devastation than the Great Depression.

 

We've learned the tragic lesson of what happens when we are reactive, not proactive. Prior to 9/11, it was common knowledge that airplane cockpits were susceptible to attacks, but not deemed to be an issue by some since there had not been a U.S. plane hijacked in 25 years.

 

While there have been serious cyberattacks that we have responded to, we have significant documented vulnerabilities that need to be dealt with, but will take years to remediate. We must deal with this global threat now and no entity can do it alone.

 

Recently, the International Multilateral Partnership Against Cyber-Terrorism (IMPACT) held the first World Cyber Security Summit (WCSS) in Kuala Lumpur, Malaysia. The high-level forum included government ministers, industry leaders, technology luminaries and cybersecurity experts from close to 30 countries. The WCSS event, hosted by the Malaysian government, brought together the public and private sector from every region of the world to help each country do its part to secure their slice of the global cyberspace pie. Leading cybersecurity firms, such as Symantec, TrendMicro and Kaspersky Lab, are putting their expertise and muscle behind this. So are governments ranging from Australia to Malaysia to Mexico.

 

The participation of the United States in this initiative is essential to send a clear message to the global community that we want to engage with the world to combat threats to cybersecurity. Equally important, this message should not and cannot be limited to current government operations. As the presidential campaign unfolds on the world stage, we hope that the candidates from each party will show a commitment and leadership to help secure our part of cyberspace – and to work with other nations to help them secure and protect theirs. Let's hear from them about their plan for working through initiatives such as IMPACT to maintain cyber-security on a global scale.