I recently started a popular series of murder mysteries by J.D. Robb. They feature Lt. Eve Dallas, a New York cop, and her husband Roarke, a multi-billionaire who got his start in part by hacking computers. During the course of the series, in the interest of justice, Roarke has hacked police, government and personal computers in order to get his wife information she needs to solve heinous murders.
Roarke’s expertise with computers keeps the storyline flowing, which as a reader, I appreciate. However, as an employee of CDKWeb, I’m horrified at the ease in which he is able to obtain the needed data. Especially because the more I read true-life headlines and listen to the nightly news, I find that security breaches and hacked computers are not just a fiction device to further a story line.
Personal data has been stolen from the Veteran’s Administration, the Social Security Administration, even the Department of Defense. Who hasn’t heard about the WikiLeaks in which more than 250,000 U.S. diplomatic cables containing Secret level information were published to the world wide cyber community? A major federal loan guarantor reported that data on 3.3 million borrowers had been stolen from a portable media device. The device contained the names, addresses, dates of birth and Social Security numbers of their clients.
As a result, the U.S. government has launched one policy initiative after another to protect critical IT infrastructure in coordination with the private sector. Even so, computer breaches from foreign parties, fast-spreading worms, and hidden malware have outpaced the advances, leaving computer systems and networks across industries more vulnerable than ever.
To reverse this treacherous development, Uncle Sam and businesses have three areas of direct attention:
- First, the public and private sectors need to share more information-more parties must be included and new platforms used.
- Second, they must pay more attention to defending against attacks that threaten critical IT infrastructure and even damage physical facilities.
- Third, their collaboration must be ratcheted up to the next level: real-time identification and response as threats occur and, more to the point, moving security practices from a reactionary posture to one that’s proactive and preemptive.
Even those private businesses who don’t deal with the government or government contracts should adopt and benefit from the more resilient cyber defenses. The threats are growing in number and severity. Information sharing is an important first step. Something I couldn’t help but think would have aided Eve Dallas and Roarke in their crusade to catch the bad guys.