Editorial

The testimony of CIA director John Deutch before the Senate Governmental Affairs Committee's Subcommittee on Permanent Investigations reminds us again that the new enemy is not likely to be any of the usual suspects. Instead, we will fight cyber-terrorists who attack the nation's information systems.

Deutch proposed an organizational solution that is certain to spark plenty of discussion. Prompting the appropriate agencies to collect and then share data has always been difficult, but the Hill can certainly apply funding pressure to guarantee compliance once an agreement is reached about what is needed.

Reaching that agreement will be the tougher assignment. It is clear that no one knows the extent of the problem. Talk to any computer incident response manager, and he will tell you he's afraid of the hackers who can't be detected right now. The diverging positions of DISA and DIA on Java security reflect more than their different roles. It also points to the shortage of real information about security threats.

The CIA, as an intelligence-gathering agency, is in a position to take the lead and make some estimates, but many in government are not comfortable with the agency in that role. However, some organization needs to gather information about hackers and threats, "sanitize," declassify and then share that information. The sooner we settle on who is going to provide this service, the faster agencies will be able to prepare their defenses.

Featured

  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/Shutterstock.com)

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected