What will be the Katrina of cyberspace?

The Washington Post has an article by Brian Krebs on the Bush Administration's delay in dealing with cybersecurity.

One year after the Department of Homeland Security created a high-level post for coordinating U.S. government efforts to deal with attacks on the nation's critical technological infrastructure, the agency still has not identified a candidate for the job.

On July 13, 2005, as frustration with the Bush administration's cyber security policy grew on Capitol Hill and Congress appeared poised to force its hand, Homeland Security Secretary Michael Chertoff announced the new assistant-secretary job opening.

Critics say the yearlong vacancy is further evidence that the administration is no better prepared for responding to a major cyber attack than it was for dealing with Hurricane Katrina, leaving vulnerable the information systems that support large portions of the national economy, from telecommunications networks to power grids to chemical manufacturing and transportation systems.

"What this tells me is that ... [Chertoff] still hasn't made this a priority ... to push forward and find whoever would be the best fit," said Paul Kurtz, a former cyber security advisor in the early Bush administration...

Rep. Zoe Lofgren (D-Calif.), a co-author of the bill that would have forced the department to create the position last year, did not mince words: "I think DHS is pathetic and incompetent. It's a complete mystery what's happening over there." ...

John McCarthy, director of the critical infrastructure program at the George Mason University School of Law, agreed and related that just a few months after the administration released its cyber plan in 2003, one of his graduate students submitted a dissertation containing detailed maps zeroing in on key points in the Internet infrastructure that -- if targeted by terrorists -- could wreak a cascading series of outages capable of bringing major U.S. industries to a screeching halt.

Government officials suggested that the dissertation be classified [1] ...

But McCarthy said he believes it is a question of when -- not if -- a major portion of the U.S. economy comes under a targeted cyber attack, and that the nation desperately needs the technical and social leadership in place to deal with it when the time comes.

"I believe that as we as a society and economy move towards a greater reliance on these vulnerable communications networks, that those who would wish us harm will find ways to target those infrastructures in ways we haven't thought about yet, and that's going to present a major challenge for whoever is picked for that position."

[1] "Security by obscurity" is a thoroughly discredited approach, uniformly ridiculed by the security community.