About Me

Scott Arnett is an Information Technology & Security Professional Executive with over 30 years experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.

Friday, July 2, 2010

Internet - with an EPO button?

We have been hearing it in the news - the President can have a big red emergency power off (EPO) button on his desk to take down the internet. Is this a good thing or a bad thing?

The Protecting Cyberspace as a National Asset Act, which is being pushed hard by Senator Joe Lieberman, would hand absolute power to the federal government to close down networks, and block incoming Internet traffic from certain countries under a declared national emergency. The goal: protecting our cyber infrastructure, organizations, and even government networks.

Why all the debate and fuss? Why do we have folks up in arms that this could be an attempt or attack on free speech? Really? Isn't this a measure to shut down internet access in the event of a cyber attack? How real is the cyberwar threat? Have we not seen an increase in attacks coming out of China, Iran and other rogue countries? Why not shut down those that attack others and misuse the internet - how is that an attack on free speech?

The other side of the coin is that as we move more of our companies, jobs and IT infrastructure overseas - as a company, how do you handle an internet shutdown and still have access to your systems now sitting in China, India and others? Does your DR plan take the EPO button into consideration?

Consider this: as an organization you should have a zoned network design; a flat network is no longer acceptable. You have a PCI zone, an engineering zone and others to segment users and traffic and to provide additional security. Should Homeland Security start classification of key business or infrastructure to protect from cyber attacks? Take that classification and start building additional security practice around them?

I propose to you that cyber attacks will continue to increase, and threats to our infrastructure are real. It will only be a matter of time before our vital systems are taken down or interrupted by a foreign agency. Disruption of power, water, or distribution channels can have a significant impact on our daily lives. Having the ability to shut down the internet to stop a cyber attack or war is essential to our National Security. Having organizations stand up and start taking responsibility for their infrastructure security and be held accountable when they are not has to happen. It is up to all IT professionals to bring security best practice into all we do, point out shortfalls and bring light to cyber opportunities or vulnerabilities. Gone are the days when organizations hide under the blanket of "security is too expensive" - if you have internet access, you become secure. In addition, it is time for AT&T, Verizon and other internet backbone providers to step up to the plate and get serious about this threat. If an organization orders internet access - there has to be a mandated penetration test done, and remediation mandatory.

It takes everyone to ensure our National Security - including IT. 

Happy 4th of July!

Scott Arnett
scott.arnett@charter.net

2 comments:

  1. I think we need the ability to shut down inbound internet from certain countries or parts of the world if we are under attack. I do think the President should be able to make an immediate decision on an incident response, but there needs to be a review board process. A review board of political, professional, and legal members. The review board should be selected by a non-political process.

    I agree with you that this is not an attempt on free speech, but an attempt at National Security and our cyber infrastructure. Let's get some controls on our infrastructure and the security thereof.

  2. Bob, as a lawyer, what is your opinion on companies controlling internet for the employees? Taking this topic a little closer to home, do we not control or monitor employees today? Should we be able to block, stop or take action on employee usage of the internet from company devices and company networks?
