Al Depman: We need more imagination to protect against cyberattacks
The aliens in the 1998 film "Independence Day" always struck me as incredibly stupid. They created death rays and an interstellar mothership. Yet, one man with a Macintosh laptop created a virus to take down an alien computer system. As a result, all the alien technology crashed, literally and figuratively. It seems that:
• Alien network security was nonexistent;
• Highly advanced aliens don't create redundant systems to protect their primary defenses; and
• Space-faring aliens lack imagination.
Is there an analogy between the "Independence Day" aliens and our Internet-dependent nation today? Are our cyber-defenses ready to repel an outside attack?
After we were first invaded in Dec. 7, 1941, Secretary of War Henry Stimson wrote in a 1945 report on the Pearl Harbor attack: "A keener and more imaginative appreciation on the part of some of the officers in the War and Navy departments of the significance of some of the information might have led to a suspicion of an attack specifically on Pearl Harbor." Note the word "imaginative."
After the second attack on our shores, the 9/11 Commission Report in 2004 stated: "We believe the 9/11 attacks revealed four kinds of failures: in imagination, policy, capabilities and management." Imagination again.
Have we learned our lessons?
In his new book, "Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath," Ted Koppel offers a definitive "no." On PBS' "Newshour," Gwen Ifill asked Koppel if his interviews with former heads of the departments of homeland security and defense gave him a sense of what they what to do if a cyberattack happens.
Koppel responded: "Probably not. Several of them know that the likelihood of it happening is great. When I spoke to Janet Napolitano just after she left as secretary of homeland security — and she had been on the job for five years — I said to her, what do you think the chances are of a cyberattack on the power grid? She said very, very high, 80 to 90 percent. It seems to me inevitable that we have to deal with this. But maybe, because we don't know what the answer is, we have not even begun to do so."
Are we prepared locally, especially the information-rich Mayo Clinic?
In an Advisory Board Co. Web briefing, former Mayo Clinic Chief Information Security Officer Jim Nelms, who resigned in September, said defending against data breaches is extremely difficult, noting convincing hospital staff of the need is key. When he implemented a system, he said, "a lot of the response was, 'We live in a cornfield in the middle of Minnesota. Who wants to hurt us?'"
I'll take that as a "not really ready." And as the clinic goes, so goes Rochester.
What can we do? Short of restocking 1960s bomb shelters, we can encourage senators to approve the National Cybersecurity Protection Advancement Act of 2015, which passed the House in April. The bill would open cybersecurity communication among federal, state, corporate and non-governmental organizations, allowing us to advocate for:
• Redundant systems, making us less dependent on things such as Internet cables under the sea.
• Planning for electro-magnetic pulses that could wipe out communication and commerce for millions.
We don't want to be the aliens in "Independence Day." We're smarter and more imaginative. Let's not wait for the sequel to prove it.
Al Depman, of Rochester, is a member of the Post-Bulletin's Community Editorial Advisory Board.