Government Its Own Worst Enemy in Cyber War

Ever a man ahead of his time, Albert Einstein once said, “I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.”

Were he alive today, the only thing he likely would change about his statement would be how World War III would be fought. He surely would look at the threats posed by cyber attacks and surmise the most dangerous weapon of the next world war to be an invisible terror delivered electronically. He would note that the threat could come from any nation state – it would not even have to be a world power – and could be delivered with complete stealth, hit the most sensitive systems, cripple infrastructures, topple economies and create chaos – all before even a single soldier was wounded.

The question is, has World War III already begun?

There is no Fate…

Two months ago, the Department of Defense (DoD), the organization U.S. citizens probably think should be the most versed in protecting itself against cyber attacks, revealed that it had been the victim of the largest digital attack on a U.S. Government agency when 24,000 sensitive files were pilfered by an unidentified nation state in March.

This revelation came shortly before a report of the General Accounting Office (GAO) that openly questioned the DoD’s ability to keep up with the threats of cyberspace. Among the chief issues identified by the GAO were the multiple and often contradictory government publications that discuss how to handle cyber threats. These documents cannot even come to a consensus regarding terminology and job responsibilities, as pointed out in a recent piece on Government Info Security about cyber security, which stated:

GAO cites a U.S. Joint Forces Command report that found DoD employs 18 different cyber position titles across combatant commands to identify cyberspace forces. ‘This can cause confusion in planning for adequate types and numbers of personnel,’ the GAO says. ‘Because career paths and skill sets are scattered across various career identifiers ... there are cases in which the same cyber-related term may mean something different among the services.’

So if the government can’t figure out who does what, what means what or just plain “who is this?”, how can we honestly expect it to keep everything in this country that is run or managed by a computer system from being shut down by a cyber attack? Per Government Info Security, that would include “7 million computer devices, linked on over 10,000 networks with satellite gateways and commercial circuits that are composed of innumerable devices and components.”

The Battle Has Just Begun

The Intelligence and National Security Alliance this week released a report in response to what it sees as growing concerns about the U.S. government’s ability to defend itself against a major cyber attack. The report calls for the joint factions of the government to engage in coordinated efforts with private enterprise and the educational system to:

...mitigate risks associated with the threat, enhance our ability to assess the effects of cyber intrusion, and streamline cyber security into a more efficient and cost-effective process based on well-informed decisions.

Hopefully, these joint entities will realize what the Department of Homeland Security realizes – that any cyber security policy needs to include structural analysis of application software. By identifying areas where the applications in use may not live up to optimal software quality standards, the government can work toward plugging the holes and give cyber infiltration efforts fewer points to breach.

But software is the key. The enemy, to paraphrase “John Connor” from Terminator 3, “is software in cyberspace”… although if the government cannot coordinate its efforts into one cohesive plan, the even bigger enemy of the U.S. Government’s efforts to protect itself from cyber attack may be the government itself.

Jonathan Bloom Writer, Blogger & PR Consultant
Jonathan is an experienced writer with over 20 years writing about the Technology industry. Jon has written more than 750 journal and magazine articles, blogs and other materials that have been published throughout the U.S. and Canada. He has expertise in a wide range of subjects within the IT industry including software development, enterprise software, mobile, database, security, BI, SaaS/Cloud, Health Care IT and Sustainable Technology. In his free time, Jon enjoys attending sporting events, cooking, studying American history and listening to Bruce Springsteen music.