Cybersecurity threats are accelerating. The release of classified diplomatic cables by WikiLeaks.org raises questions about how the government could have allowed such a huge cache of sensitive data to be accessed, downloaded and delivered to an outside entity undetected. Government’s first responsibility is to guard against internal threats, which includes disgruntled, corrupt or neglectful employees who have access to classified security information.
Pfc. Bradley Manning, 22, of Potomac, Md., has been accused of illegally downloading and transferring classified data to WikiLeaks. The soldier, attached to the 2nd Brigade Combat Team, 10th Mountain Division in Iraq, was arrested May 26 when the breach first came to light.
The fact that a Pfc. would have access to broad-based, high-level information is rightly ringing alarm bells not only through the U.S. military and the State Department, but in every corporation and organization responsible for protecting sensitive data.
The WikiLeaks saga may serve a purpose. It should draw our attention to the larger problem; examining the status of U.S. information policy and whether we have the right controls in place.
WikiLeaks is not the only cybersecurity story making news recently. The Stuxnet virus may in the long run be an even greater cause for concern. This computer worm, one of the most sophisticated cyber weapons ever created, apparently can reprogram a computer system and hide the changes.
Stuxnet reportedly has infiltrated Iran’s Bushehr nuclear reactor and spread through India and Indonesia. A virus as sophisticated as Stuxnet could potentially trigger the start of a cyber arms race. If it were to infiltrate an electrical grid, attack an air-traffic control system or strike a vital industry, it could severely damage any economy.
The attacks on Pearl Harbor and 9/11 were blatant. What makes cyber warfare more dangerous is that it occurs in the blink of an eye and the damage may not be discovered until chaos begins.
Finding the cause may be difficult. Repairing the damage will be costly. Even locating the culprit may be impossible.
So far, the creator of Stuxnet has not been revealed and the sources of information to WikiLeaks still are not completely proven.
These threats show the need for government and industry to update their cybersecurity systems. However, having a static plan is not enough.
Every organization with sensitive information must prove that its actual practice complies with that plan. To remain in compliance, that plan must be updated continuously because the threat changes constantly.
Staying ahead of cyber thieves and terrorists requires a sophisticated cybersecurity workforce. A recent report from the Center for Strategic and International Studies titled A Human Capital Crisis in Cybersecurity shows that a critically needed trained cyber workforce is not available, and the education network to thoroughly train professionals in the intricacies of cybersecurity lags far behind the need.
Both the president and Congress agree that cybersecurity education must be a priority. Colleges and universities around the country should follow the lead of the University of Maryland University College in creating graduate and undergraduate programs in cybersecurity.
These can be replicated around the country to help produce the cyber workforce of the future to combat these growing threats. Government and industry must help academia by providing support and scholarship money.
We can and we must do the work necessary to prevent a cyber 9/11. As WikiLeaks and the Stuxnet worm show, the threat is here and now.
Susan C. Aldridge, Ph.D., is president of the University of Maryland University College, the largest public university in the United States.
Lieutenant General Harry D. Raduege, Jr. USAF (Ret.) is co-chair of the Center for Strategic & International Studies Commission on Cybersecurity for the 44th Presidency. He helped developed UMUC’s cybersecurity education programs.
