The Public Eye with Eric Chabrow

Infosec Pros' Dirty Little Secrets

Infosec Pros' Dirty Little Secrets

Did CBS News cause harm or good by exposing the vulnerabilities of the nation's critical IT infrastructure in a 60 Minutes report on Sunday?

In the segment, the nation's former top spy, retired Adm. Michael McConnell, said he believes adversaries could take down the country's power grid through the Internet, asking:

"Can you imagine your life without electric power?"

The program also showed a video of engineers at the Department of Energy's Idaho National Labs blowing up a generator over the Internet as well as quoting several cybersecurity experts saying how key military and other systems have been infiltrated by other our adversaries.

Mark Weatherford, California's chief information security officer, wasn't surprised by the report; like most information security pros, he's well versed on IT vulnerabilities. Yet, he seemed a bit taken back by the reaction of some fellow IT security pros who felt such information should be classified or that the story would make the United States a bigger target. In his blog, Weatherford writes:

"Maybe the public does need to know? We just finished up with National Cybersecurity Awareness month in October and while it's typically 31 days focused on personal computer awareness and identity theft, maybe bigger topics like these cyber events and threats that actually pose harm to our way of life should be the focus. I'm not one for blowing things out of proportion or spreading FUD (fear, uncertainty and doubt) but these threats are real and they aren't going to go away unless we begin devoting the right resources to fix the problems."

Such publicity won't aid our enemies; they already know of our weaknesses. The more the public knows of the vulnerabilities to the nation's key IT systems, the more likely they'll demand the government and private sector collaborate to devise the proper safeguards. As Weatherford writes:

"Ignoring the problem certainly hasn't done any good and for those who believe in 'security through obscurity,' the question is simple - is the cybersecurity problem in America getting better or worse? While there may be things that the public is better off not knowing, sometimes very stark words like those of Adm. McConnell (can) make people sit up and pay attention."

What do you think? Share your thoughts below.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.