ABSTRACT: Cyber Security and the Vulnerability of Networks: Why We Need to Rethink Our Cyber Defenses Now

Andrew Updegrove, Partner, Gesmer Updegrove LLP

5/27/2011
(Original Publish Date: 4/30/2011)

While network effects provide great benefits, they can also lead to great risks as dependencies evolve, especially where alternative networks do not exist. The Internet is increasingly becoming the unique host for essential capabilities and services, as government, finance, energy management, supply chains, telephony and much more abandon traditional channels and migrate to the Web. Now, the cloud computing model is being heralded as the information technology (IT) architecture of the future, raising the prospect that rapidly growing concentrations of crucial data and software (of all types) will exist in fewer and fewer data centers, despite the fact that measures are unlikely to be deployed that can provide complete security to these centers against cyber and terrorist attacks (as well as actual war). It is therefore vitally important that virtual and physical security standards be developed and implemented to guard against the very real prospect that an asymmetric attack by any of a variety of potential enemies could bring a modern society to the verge of collapse. In this article, I outline the growing risks, and suggest the types of physical and virtual security standards frameworks that should be developed and implemented to minimize vulnerability to catastrophic attacks, and to maximize the likelihood that a society could rapidly recover from a massive cyber or physical attack against its IT infrastructure. I conclude by evaluating the degree to which the Obama administration's new cyber security proposal will be sufficient to protect the United States from systemic cyber risks.