Snoozing about security

A story on CNET by Charles Cooper is pretty downbeat about the prospects of the Department of Homeland Security doing anything meaningful to improve cybersecurity any time soon.

No doubt these are tough times for the folks charged with securing the nation's cyber front lines.

Everyone, from government watchdogs to bloviating columnists, has a bright idea about how they should do their job better.

But there also is a statute of limitations on the public's patience. Two years ago this month, the Department of Homeland Security established a cybersecurity division to shore up the nation's defenses. The results to date include three cyberczars, millions of dollars in taxpayer expense, and thousands of worm and virus attacks.

Hardly a sterling record of accomplishment...

You don't need be an alarmist to imagine some pretty hairy stuff. A couple of years ago, the Slammer worm disabled a nuclear power plant's safety monitoring system for nearly five hours. This fast-propagating worm also affected five other utilities. No lasting damage was recorded, but that was through sheer luck.

So, what needs fixing at DHS? The better question is: What doesn't need fixing? ...

At this point, I would point you to the memorable line uttered by Strother Martin in the movie "Cool Hand Luke": "What we've got here is failure to communicate." ...

In the meantime, Powner and others live in dread of the nightmare scenario: a combined terrorist attack against a physical asset like a power grid, paired with a devastating attack against the nation's cybernetworks and communications systems.

"If you look at the recovery plans (DHS has in place), more work needs to be done," he says. "If you look at reconstituting the Internet if there were an event that took down the network, there's still not a plan in place."