Mikulski: Md. should be hub for cyber security

‘We're under attack every single day'

Friday, April 16, 2010

Click here to enlarge this photo
Staff photo by JAY FRIESS
Senator Barbara A. Mikulski (D-Md.), left, shakes hands with St. Mary's County Commission President Francis Jack Russell (D) at a meeting about cyber security at the Frank Knox Center in Lexington Park last week.

They are stealing our money, pilfering our secrets and threatening our infrastructure — and Maryland-based government agencies, businesses and universities could band together to stop them.

That was the message delivered by Sen. Barbara A. Mikulski (D-Md.) concerning Internet hackers at an April 8 meeting at the Frank Knox Center in Lexington Park.

Mikulski came to listen to the concerns of representatives from the region's largest defense contractors and share with them her work on the Senate Intelligence Committee's task force on cyber security.

Mikulski warned that sophisticated hackers from China and Russia have already breached American government computers and banks with "a new kind of thievery" and "could penetrate and do harm to the very fabric of our country."

"We're under attack every single day," Mikulski said. "We have to maintain our cyber shield. … We're looking at a world where people can attack us, disrupt our public sector and steal our intellectual property."

"It's a very scary situation," agreed Bonnie Green, president of The Patuxent Partnership, which arranged the meeting.

"We're getting probed thousands of times a day with viruses, malware and phishing," said Mike Mead, senior vice president of CACI. "I see this as equal to, or greater than, the nuclear threat."

Dottie Simeona, a principal with Booz Allen Hamilton and Associates, said there also needs to be a cultural change in the government contracting business to put high value on information security.

"It was the last thing to be addressed," Simeona said of a recent contract negotiation with the government. She said such a cultural change will also take "a while to ripple down to the level of everyday support."

But there is a silver lining to all this doom and gloom. Mikulski said that Maryland is uniquely suited to form a coalition of government, academic and business partners to meet the hacker threat and create jobs in the process.

She noted that the Navy's reactivated 10th Fleet Cyber Command is located in the state.

"We have the federal agencies and the civilian agencies and the academic environment," Mikulski said. "This is our frontier. … In protecting the nation, we will be the center. … I think we could go to as many as 30,000 to 40,000 jobs."

But before any of that can happen, the federal government needs to get serious about protecting its cyber frontier, according to Donald A. Purdy Jr., chief cyber security strategist for Computer Sciences Corp.

"We're not taking a strategic approach to cyber security," Purdy declared.

He said he developed a strategic plan for the Department of Homeland Security with milestones, deadlines and an operational hierarchy, but it was rejected for having too much accountability.

"We need specific milestones to track projects," Purdy insisted.

John Parris, CEO of Smartronix, agreed, saying, "The things we're spending our time on are ankle-biting," not strategic threats.

Parris called for a national dialogue on a hierarchy of information defense, since there is currently "no one person in charge."

Such a hierarchy, Purdy said, should have the power to cut Internet access for computers being used, directly or indirectly, for staging attacks on domestic servers.

He said there also needs to be stronger, internationally enforced laws to but cyber criminals behind bars.

"There are virtually no consequences for cyber crime," Purdy said. "If there is evidence that someone is doing something wrong, then they have to shut them off."

Mikulski assured Purdy that he and she were "on the same broadband," and mocked the efforts of the Federal Communications Commission and the Electronic Frontier Foundation to maintain a "free and open Internet."

However, Mead said there needs to be a discussion of online civil liberties, since many cyber attacks are launched from "bot-nets" of malware-infected personal and business computers whose owners have no knowledge of the infection.

Mead also suggested taking the electronic fight to the enemy, saying, "Sometimes, you have to spank the bad guys and beat them at their own game."