With recent warnings that the Chinese government (or others) could shut down our power grid perhaps it is time to take a look at the state of our digital infrastructure.
There has been a lot of talk about our crumbling infrastructure. Our bridges, roads, damns and water mains across the country are all in desperate need of repair. Unfortunately most towns and states are already on the brink of bankruptcy and can barely afford to keep their schools, fire and police departments open let alone spend millions, if not billions of dollars to fix old bridges and hundred-year old pipes. So everything keeps deteriorating, water mains keep bursting and every year there are more potholes.
But there is another infrastructure problem that is potentially more critical, yet gets even less funding than just about any other public works project – our digital infrastructure.
Late last week Admiral Michael Rogers, director of the National Security Agency and head of U.S. Cyber Command, testified that China and “one or two” other countries have the power to shut down the U.S. electric grid with cyber attacks.
The statements caused a bit of a stir in Washington but when you follow that up with revelations that numerous companies and government agencies have already been victims of cyber attacks from foreign governments things begin to look even more dire.
Now I assume that the military, the NSA, the FBI, the White House and a handful of other government agencies have tried to shore up their cyber defenses to the best of their abilities but these are only the top level, high-profile targets.
But when you start talking about second- and third-level targets in Washington you have to wonder how secure their computer systems are. How much effort has the Department of the Interior or the Department of Weights and Measures spent to make sure their computers are protected?
Now spread that out to the states and local government agencies. Have all the various Departments of Motor Vehicles across the county been keeping their anti-virus software up to date? Have they hired experts to do security audits of their systems? Have they even changed the default settings on their internal servers since the day their networks were first installed?
There are thousands upon thousands of government agencies and departments at all levels that can barely keep their servers running let alone harden them so that they could withstand a cyber attack from a foreign government.
My wife works at a nearby high school and they have one ‘tech guy’ who travels around between half a dozen schools fixing people’s computers. I’m sure he gets paid less than $40,000 a year and has to serve six or more schools. He is not a security expert. He’s not even a network or IT expert. He spends most of his time going from classroom to classroom because teachers can’t get their printers to work or they forgot their passwords.
Now I know that the Chinese government probably isn’t going to try and hack the Novato School District high school computers (not that it would be all that difficult) but the school district can barely pay for books let alone hire a cyber security expert. And there aren’t many other public services companies who can afford to protect themselves either.
American businesses are loath to spend money on security and we are all paying for breaches like the ones that happened to Target or Home Depot. But our publicly funded organizations simply can’t pay for the security they need since that money just isn’t in the budget and it would take a public vote in order to allocate funds – and that’s probably not going to happen.
Having the power grid go down would be a catastrophe but it would also be a catastrophe if our post offices, schools, local police and fire services, hospitals and heck even the DMV also went down because of cyber attacks, and you wouldn’t need to be a super hacker to take down most local government run networks.
If we are going to try and defend our networks the money is going to have to come from the Federal government because you can bet that if it is left up to the cities or states it simply won't get done.