The recent crash of Twitter, Facebook and other Internet networking sites may have been just an inconvenience for some, but it highlights the need for stronger cybersecurity measures.
Dispersing authority for this work is not the solution. Rather, it should be made a priority within the Department of Homeland Security with a timetable for security improvements.
Attempted attacks happen every day, Sen. Susan Collins, the ranking Republican on the Senate Homeland Security and Governmental Affairs Committee, said recently. The briefings the committee gets are “alarming.”
It should be alarming that an apparent feud over the origins of last summer’s fighting between Russia and the Republic of Georgia could shut down numerous Internet sites for hours earlier this month. The cyberattack sought to shut down the blog of a professor in Georgia, who says his blog is meant as a place for refugees from the fighting to share their recollections.
The attackers, believed to be Russian, sent out millions of spam e-mails under the professor’s online name, making it look like they came from him. The huge volume of e-mail shut down the Twitter and LiveJournal sites and disrupted service for Facebook and YouTube.
It took Twitter, the popular Web site where people exchange short messages, more than 24 hours to recover.
If a dispute over who began the fighting in Georgia can cause this many problems, a cyberattack meant to shut down water systems or disrupt military communications could be devastating. So it is troubling that the issue has not gotten the attention it deserves.
Earlier this month, Melissa Hathaway, the White House’s cyberdirector, resigned, leaving a gaping hole in the administration’s computer security team. The White House has yet to appoint a “cyberczar,” a person within the administration responsible for computer security.
With Ms. Hathaway’s departure, the administration has an opportunity to rethink the czar plan.
One reason for the delay is that there is a disagreement over whom the czar would report to, with both the national security adviser and national economic council adviser wanting that authority.
Such infighting is unnecessary as may be the entire czar concept. Rather than creating a system parallel to, but separate from, the government’s various departments, the administration should work with the departments to ensure that work like cybersecurity standards and financial market regulations is done quickly. Another layer of duplication slows this work while dispersing authority to the executive branch.
Worse, as Sen. Collins notes, the proliferation of czars undercuts Congress’ oversight authority since it is unusual for it to compel members of the White House staff to testify. This would leave Congress unable to review the czars’ budgets and authority at the same time government departments are doing the same work.
She plans to introduce legislation to clarify the Department of Homeland Security’s role in dealing with cyberattacks.
Such clarification is needed before an attack does more than disrupt Twitter.