WASHINGTON-In the aftermath of the recent wave of cyber attacks, President Clinton immediately called for and hosted a high-profile summit with Net and telecom executives. Last week, congressional hearings were held. So, far, they all have come to the same, sobering conclusion: There is no quick fix.
Kevin Mitnick, out of jail after serving time for cell phone and computer fraud, boasted before a Senate panel last week that breaking into a computer or Web site is possible for anyone with the time, money and motivation.
All this is not encouraging news for the wireless industry, which is in the nascent stage of transforming itself into a hot e-business for the 21st century. The opportunity for wireless firms is potentially huge, albeit uncertain.
The Commerce Department last week said e-commerce accounted for $5.3 billion during the Christmas season, a figure that while lower than expected is still significant considering the novelty of Net business.
It turns out, the challenge of Net security is one huge, cyber conundrum.
For Sprint PCS and other wireless firms on the cutting edge of e-commerce, security is just one more issue that must be factored into the mix as executives develop new business models emphasizing data.
The Net’s architecture was not designed with security in mind. On the contrary, the Net was created as an open medium for exchanges among government scientists. E-commerce was not in the plan. Neither were cyber attacks, a reality that has become arguably the biggest threat to the New Economy generally and the fledgling e-commerce business specifically.
Yet for all their angst over cyber attacks and appeals for help, Net executives are not especially anxious to see government intervention in an unregulated industry that has produced millionaires and billionaires in recent years.
Some lawmakers, like Rep. Bill McCollum (R-Fla.), agree.
“While I will not shy away from addressing this problem with new laws if it is warranted, I do believe the private sector bears a good measure of responsibility for taking the steps necessary to protect itself from these attacks,” said McCollum, chairman of the House Judiciary subcommittee on crime, at a hearing last Tuesday.
On their own, some high-tech firms are sharing information about cyber threats. But their reluctance to forward warnings of attacks that temporarily crippled Web sites of Yahoo!, Amazon.com, eBay, ETrade and others last month is powerful testimony to their distrust of government.
The Clinton administration has requested an additional $37 million to fight cyber crime over the $107.4 million appropriated for this fiscal year.
But even the money itself is a problem. There is squabbling among lawmakers and the Clinton administration about how best to spend taxpayer dollars on cyber crime and what the government’s cyber defense should look like.
Industry and government officials concede money alone won’t solve the problem.
Ironically, it is the human element that apparently is missing in efforts to curb cyber crime. Indeed, Mitnick said his hacking success was made possible by getting company employees to give him sensitive information over the telephone-a technique he calls “social engineering.”
Cyber crime is a highly technical matter that requires highly skilled personnel, the kind who are in short supply and in great demand. Cyber skills pay good money, more than the government can pay.
“The greatest single challenge we face is how do we attract people to deal with the issue [cyber crime],” Attorney General Janet Reno last week told a Senate appropriations subcommittee that oversees the Justice Department.
“It is going to be a very difficult thing, but we’re going to try.”
“We’ve got to pay them the best salaries,” said Sen. Ben Nighthorse Campbell (R-Co.)
Despite the high-tech industry’s desire to keep the federal government at bay, legislation is coming anyway.
Sens. Jon Kyl (R-Ariz.) and Charles Schumer (D-N.Y.) have introduced legislation to allow nationwide wiretaps. Today, wiretaps have to be secured court by court, town by town. Silicon Valley may or may not object, but the measure is not apt to be warmly embraced by privacy advocates.
