The U.S. government must begin by diversifying the country's digital infrastructure; in the virtual world, just as in a natural habitat, a diversity of species offers the best chance for an ecosystem's survival in the event of an outside invasion.
In the early years of the Internet, practically all institutions mandated an electronically monocultural forest of computers, storage devices, and networks in order to keep maintenance costs down. The resulting predominance of two or three operating systems and just a few basic hardware architectures has left the United States' electronic infrastructure vulnerable. As a result, simple viruses injected into the network with specific targets -- such as an apparently normal and well-trusted Web site that has actually been infiltrated -- have caused billions of dollars in lost productivity and economic activity.
Recently, national intelligence authorities mandated a reduction in the number of government Internet access points in order to better control and monitor them. This sounds attractive in principle. The problem, of course, is that bundling the channels in order to better inspect them limits the range of possible responses to future crises and therefore increases the likelihood of a catastrophic breakdown.
Such "stiff" systems are not resilient because they are not diverse. By contrast, the core design principle of any multifaceted system is that diversity fortifies defenses. By imposing homogeneity onto the United States' computing infrastructure, generations of public- and private-sector systems operators have -- in an attempt to keep costs down and increase control -- exposed the country to a potential catastrophe. Rethinking Washington's approach to cybersecurity will require rebalancing fixed systems with dynamic, responsive infrastructure.
Wesley Clark and Peter Levin argue that a diverse IT infrastructure is a more secure IT infrastructure in Securing the Information Highway: How to Enhance the United States' Electronic Defenses in the November/December 2009 issue of Foreign Affairs.
No comments:
Post a Comment