Cybersecurity: Lookin' Bad for the Good Guys

The United States, as well as any other nation hooked into the Internet, is losing the battle against cyberthieves and hackers looking to commit crimes and steal sensitive, and possibly classified, information from networks. And it doesn't look like we will be able to improve the situation much in the near future.

That sobering assessment comes from cybersecurity expert Seymour Goodman, who was in Washington, D.C., yesterday at the Hudson Institute to give a talk on securing the Internet. Goodman, a professor of international affairs and computing at the College of Computing at Georgia Tech, was frank about the extremely difficult path nations face in trying to secure the Internet. In fact he was downright apologetic. An excerpt from Goodman's response to a question about how viable his plan to secure cyberspace really is:

The bottom line, and I hope it doesn't sound too defeatist, and I hope it sounds more realist, is we got to do what we can. We got to fight the battle. We are losing it. ... It seems that the bad guys are more innovative, and they bring their innovations into practice much more effectively than we do, and again despite the fact that all the PhDs are on our side. ... We've just got to fight this battle the best way we can. I don't see any silver bullet solutions out there. The NRC [National Research Council] committee said the same thing. We said something nobody in Congress wants to hear, and that is this is going to be a long, tough battle. ... It is going to be a battle that goes on forever. And if we stop fighting the battle, we are going to be in a deeper hole than we now are. I'm sorry I don't have a better answer for you.

Goodman did offer a model on which to build a process to police the Internet: the International Civil Aviation Organization, the members of which must follow certain safety and security guidelines, among other rules. Goodman says the model could work because it is scalable (just about every United Nations member belongs to the ICAO), because its coverage area has increased over time (from general safety to acts against aircraft to acts against the aviation infrastructure), and because it is focused on prevention. The ICAO also has a proven record, reducing the high number of hijackings that occurred in the 1960s and 1970s to nearly zero today. "This thing sorta works," Goodman says.

But at the end of his talk, Goodman admitted that the model might not be a good analogy for cyberspace because of one huge difference: the civil aviation infrastructure is finite. There are a finite number of airplanes, all of which must land at a finite number of airports, all of which are at a fixed, known location. Cyberspace and the number of computers with access to the Internet are increasing, and cyberspace is ubiquitous. It's everywhere. "So it is easier to organize this [civil aviation] case than it is to organize the cybercase," Goodman admits.

So, is it hopeless to try to make the Internet safe? Goodman's response: "We just can't say the cybercase is hopeless."

In other words, we have to believe, despite the enormous odds facing us.

That's not a real encouraging assessment. But then again, Goodman says he'd rather be a realist.

(C-Span broadcast Goodman's talk in its entirety.)