The following editorial appeared in the San Jose Mercury News on May 19:
Ten years after 9/11, the United States has yet to get serious about cybersecurity. That is a sad, sad reality.
The Obama administration laid out plans last week to make the Internet more secure and ensure that people around the world have the freedom to express themselves online. To which we can only say: Better late than never. Osama bin Laden is dead, but the threats of 2001 persist, and the potential for Internet attacks has grown.
The international community must put a higher priority on reducing the risk of cyberattacks. At least President Barack Obama is thinking in those terms.
The next big terrorist move could be on the electrical grid in a metropolitan area or on the technology that governs financial, transportation or communication systems. It might lack the drama and death toll of planes bringing down skyscrapers, but it would be devastating to the economy. The Government Accountability Office reports that U.S. businesses already lose about $100 billion to cyberattacks every year.
The Bush administration took a narrower view of the challenge, working for national strategies and focusing on defense. But even this more limited approach got nowhere. Getting nations to agree on norms for cyberspace and implementing international protocols on the Internet is a tall order, but all nations have an interest in securing financial transactions and other high-tech exchanges.
Details of the new initiative are still sketchy. But Obama wants to move away from passwords to authorize financial and other important transactions in favor of a more secure credential system. That would be a good step toward reducing the risk of terrorists and identity thieves wreaking havoc or stealing money and private information from individuals and businesses.
The administration proposes working with NATO partners to improve cooperation on global cybercrime and to develop guidelines for Internet oversight. The first principle would be to treat a cyberattack on any NATO partner as an attack on all members.
The biggest challenge for reaching global consensus is how to deal with nations such as China, where theft of intellectual property and repression of free speech are widespread. But even the United States is not immune to accusations that it wants to limit transparency in the name of national security, given the recent WikiLeaks controversy. A collaborative approach with allies could help define responsible state behavior and establish a set of global norms that nations such as China can be forced to accept.
Massive data breaches are increasingly common. The online attack on Sony PlayStation’s network this month exposed the personal information of more than 100 million of its customers. Every American who is online is at risk.
It’s easy to imagine a cyberattack crippling Los Angeles with a power outage or scrambling international banking systems. Let’s not wait for a real one before we get serious.