Image by Lyn Millett via Flickr
Technology Thursday
A few days ago I heard on the radio about a computer worm called Conficker. Apparently computer security experts said that it was likely that Conficker had infected hundreds of thousands, if not millions, of PCs and was scheduled to do something nasty on April 1. Fortunately, the day passed with little drama and no major damage was seen. Nevertheless, keeping our personal computers secure and free from viruses is a daunting task and frankly most of us don't manage to do it. Even after I heard about the Conficker virus, while I thought about making sure all the software on my PC was up-to-date, I didn't manage to do so. Who has the time?
But given the nature of viruses and worms these days, each individual's actions with respect to computer security can have repercussions beyond their own data and PCs.
Often malware is created that will use a weakly-protected PC as one base of operations or one node in a larger attack. So your PC could be doing damage to others that you know nothing about. I think it's a mistake and misleading to blame individual computer users for this state of affairs, though. If computers were easy to use and manage and less prone to wonky behavior, we'd probably all be a lot more willing to do some lightweight maintenance. As it is, even though both my spouse and I are nominally "computer experts" we each cringe and sigh at the thought of preparing backups prior to doing routine upgrades. It's a major chore in a long list of major chores we have just to maintain a household.
However, as more and more of the nation's critical infrastructures, from the energy grid to transportation systems to communications networks to say nothing of defense systems, depend on information technology and the Internet, governments have an increasing interest in the security of IT systems. This includes both government-owned and operated systems as well as private systems that may use or affect government systems. On the same day that Conficker was said to be likely to launch its attack, two Senators introduced a bill to centralize federal cybersecurity in the White House. Their bill would give the government increased control and influence over not just government and military networks, but private ones deemed crucial to national security as well. According to the Washington Post:
The Rockefeller-Snowe measure would create the Office of the National Cybersecurity Adviser, whose leader would report directly to the president and would coordinate defense efforts across government agencies. It would require the National Institute of Standards and Technology to establish "measurable and auditable cybersecurity standards" that would apply to private companies as well as the government. It also would require licensing and certification of cybersecurity professionals.
Senator Snowe pointed out that the legislation is roughly parallel to set of recommendations issued by the Center for Strategic and International studies in a report titled Security Cyberspace for the 44th Presidency.
Given our increased dependence on computers and information technology and given the range of threats - viruses and worms, terrorists, industrial espionage - concerted federal attention to this issue seems warranted. At the same time, as with any large effort, the devil is in the details. What sort of control should the government assert over private companies' networks and data? How will civil liberties be protected and individual freedoms be respected? Does the federal government house enough expertise to manage this task? And so on. Stay tuned. . .
Thank you for not making us luddite computer users responsible for malware that may run on our computers. I do my best but I'm sure the hackers are cannier than I am. The questions you raise are so important -- I look forward to reading your future posts as the situation unfolds.
Posted by: Katherine | Thursday, April 02, 2009 at 10:58 PM
Here's a Conficker Eye Chart - how to tell if you're infected by Conficker (no joke, apparently):
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html
Posted by: Lyn Millett | Friday, April 03, 2009 at 12:38 PM