It's time to declare a war on cyber hackers

You don’t have to peruse news sites too long to wonder why the White House isn’t declaring a war on hackers and calling for the best and brightest minds to heed the call and help the good guys gain an upper hand. As it is, the bad guys are winning, with seemingly little resistance.

The past few weeks has seen acknowledgments from the IRS that someone, probably criminals based in Russia, accessed and stole tax and personal data from more than 100,000 taxpayers. Then a few days later the government revealed that other hackers, probably based in China, stole the personal information of at least 4 million federal employees.

This comes on the heels of several private-sector breaches, in which thieves stole credit card information belonging to tens of millions of shoppers at Target, Neiman-Marcus, Michaels and others.

The accumulative effect of these crimes could be as damaging to the nation’s psyche as to its wallets. The nation’s economic infrastructure thrives on a general sense of confidence in its security. That remains intact, but every new assault on the bow weakens it.

So why not declare a war?

Back in 1982, illicit narcotics hadn’t done nearly this much damage when Ronald Reagan declared a war on drugs.

As Politico.com recently reminded its readers, Reagan countered the critics back then who said defeating illegal drugs was impossible by quoting a French World War I soldier saying, “There are no impossible situations. There are only people who think they’re impossible.”
Sure, it’s easy to argue that, from the perspective of more than 30 years later, Reagan’s war on drugs was indeed impossible, but then decriminalizing or outright legalizing marijuana in many states wasn’t the best war strategy. The war on drugs has suffered from a lack of commitment among the troops, not to mention a confusing disinformation campaign. Simply put, we can’t afford to lose the war on cybercrime.

The reasons can be stated in hundreds of different ways, depending on which sector of the economy you’re talking about. A recent piece on Britain’s Royal Society of Chemistry website talked about the vulnerability of chemical plants, power stations and other sites important to infrastructure. Problems caused by computer breaches “could range from spills of materials, to some sort of overpressure or venting, or in the worst case even some sort of explosion.”

Hackers could cause all kinds of problems by gaining control of the nation’s power grid. With the economy so dependent on the Internet for commerce and other money transfers, general power outages would grind life to a halt.

On a more traditional crime scale, PC World wrote a few years ago about how hackers figured out how to reverse-engineer certain remote-controlled car locks and engine ignitions to steal cars.

But few of the breaches can compare with the dangers involved in stealing from the government.

“Database security controls are an organization’s last line of defense in protecting sensitive data.” Those words were part of an audit by the Treasury Inspector General for Tax Administration, dated Aug. 22, 2007. The subject was the vulnerability of IRS computers. The results showed security control failures on 30 percent of the test administered — a dismal and disturbing outcome.

But that audit was only one in a long line of IRS reviews outlined in a USA Today report on how the agency failed to secure its systems despite repeated warnings. The Treasury inspector general for tax administration told Congress last week that the IRS failed to implement 44 of his recommendations, including 10 that were three years old or older.

CBS News said he told Senate Finance Committee Chairman Orrin Hatch that the IRS hack attack, “would have become more difficult had they implemented all the recommendations."

This doesn’t sound like a government that is serious about stopping cyber crime.

Writing for Time magazine, national security reporter Mark Thompson said we should take a cue from the ancient Chinese. “… it may be time for the U.S. to build a great wall to protect its data and that of 320 million Americans.”

That may not be possible, but at the very least we should start taking the threats more seriously.