“Is there a FEMA for the Internet?” asked Paul Kurtz during his keynote talk at the Black Hat DC computer-security conference this morning.
If there were a major failure of Internet infrastructure–what Kurtz called a “cyber-Katrina”–he said it simply isn’t clear which government agency would be in charge of fixing it. “That’s pretty darn scary,” he added.
Kurtz, who worked with the Obama transition team and held senior security positions under both Bush and Clinton, called this one of three major concerns that the president should address when reviewing national cyber-security. He described Obama’s plans for cyber-security as “quite an ambitious agenda,” but said that a cyber-Katrina is one of the “taboo topics” that the president needs to work on.
The issue of military cyber weapons also needs review and discussions, according to Kurtz. He believes that the military should have the ability to detect attacks against communication networks, trace them back to their origin, and, if necessary, take countermeasures. “For those who would argue that the development of cyber weapons equals the militarization of cyberspace, I would argue: Too late,” Kurtz said. But he admits that the topic should be addressed publicly and openly. For example, people also need to think about and decide what actions in cyberspace constitute acts of war.
Kurtz also argued that the administration should work on synthesizing information gathered by intelligence agencies such as the NSA with data from law enforcement and private companies to combat attacks mounted in cyberspace. “There’s a reluctance to play ball with the intelligence community,” Kurtz said, attributing hesitations to scars left by the previous government’s willingness to engage in practices such as warrantless wiretapping.
Future cooperation could prove vital in heading off future attacks, Kurtz said, adding that in the past some information collected by U.S. intelligence agencies has been “too highly classified.”