It seems that every time we have an incident, the cry goes up for “more and better”.  Well, that does not work well with the Cyber space.  If you are not steadily moving in a positive direction, you will go backward, and you never go fast.

The “Korean Virus” attacks have gotten everyone’s attention.  One group is using it as a justification that these attacks are “just a nuisance”, since these did not do any serious damage.  Another says it is time to “unleash” our offensive cyber capability against the NK malefactors.  Great, if they really did it.  Other, steadier heads think we should use this as a Free Red Team exercise, study it, learn what we did right, and what we did wrong, and then fix it.  I proudly stand in the last group.

This incident did not cause any real damage, but it surely could have.  Had the attackers been a little more sophisticated, we could have been hurt badly.  It showed us several major weak points, which I mentioned in an earlier post.  The unevenness of our defensive capabilities leaves us very vulnerable to a really competent enemy.  We have to fix that as soon as possible.  DoD and the IC must export their experience and expertise to the rest of the Gov’t, who are just now realizing that enemies may want to hurt them, or steal their data.

We do not need a new Dept of Cyber Security, but we do need a consistent and strong government wide push to defend our cyber infrastructure.  Let’s learn from this embarrassing but relatively painless incident.  The next one could hut a lot more.

Dr. Steven Bucci is director of the Allison Center for Foreign Policy Studies at The Heritage Foundation. He was previously a lead consultant to IBM on cyber security policy. Bucci’s military and government service make him a recognized expert in the interagency process and defense of U.S. interests, particularly with regard to critical infrastructure and what he calls the productive interplay of government and the private sector. Read More