For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees.
After surreptitiously tracking the intruders to study their movements and help erect better defenses to block them, The Times and computer security experts have expelled the attackers and kept them from breaking back in....
One wonders if The Times would have been so upset if the Chinese had then turned the hacked information over to WikiLeaks.
What entity wasn’t at all involved in the thwarting? The federal government. The Times hired security breach response company Mandiant, and worked with them and network monitor AT&T through to the successful resolution.
The way to handle Cyber Security is through the efficient, expert private sector.
Meanwhile, we have President Barack Obama threatening to drop a government-centric, top-down Cyber Security Executive Order.
The draft order gives agencies several deadlines to meet, either by writing reports or creating and implementing frameworks.
For instance, 90 days after the EO is signed by President Barack Obama, the cybersecurity council — led by the Homeland Security Department secretary — must develop a report to determine which agencies should regulate which parts of the critical infrastructure. The creation of the council is in section 2 of the draft EO.
Nothing says security and rapid-fire execution like the involvement of multiple government agencies. Why don’t we instead do what The Times did - go private?
The federal government does everything in a tectonically-slow, ham-and-heavy-handed manner. Nowhere would this be more devastatingly damaging than were they in charge of anything having to do with the lightening-fast World Wide Web. But we have for Cyber Security a far better model to emulate – the military contractor model....
(A) great deal of our military processes are contracted out to private companies who are experts in their fields. The Defense Department doesn’t devise, design and build jets – companies like McDonnell Douglas do. Military electronics and all manner of technical hard and software are produced by companies like Northrop Grumman, not the Pentagon....
(A)t the end of the day, who do you trust more? A for-profit private company, that wins a competitive bidding process? Or the biggest, most incompetent nightmare monopoly of them all – the federal government? How are government schools doing it for you?
Cyber Security is certainly a part of national security. There is, therefore, a legitimate federal government role to be played. And it should be the same role largely played with Defense – contracting out to people who know what they’re doing.
Outsourcing Cyber Security solves a lot of problems. Besides the dramatically improved speed and execution, it builds a firewall (get it?) between the government and the unimaginable scads of data collected.
The (Obama) Administration (in its Executive Order) is also demanding all sorts of our private information be rendered unto Caesar, often with very little in the way of limits, or protections. Shocker. Even the best bill – Congressman Mike Rogers’ CISPA - is too government-centric and overly broad, and has raised concerns all across the ideological spectrum.
What The Times incident yet again proves is that having the private sector handle Cyber Security is not only good in theory - but in practice.
Congress should preempt the President’s Executive Order with a Cyber Security-outsourcing legislative alternative.