Comment Articles

Lack of urgency plays into cyberterrorists' hands

Charles Cooper CNET News

Published: 19 Sep 2003 17:30 BST

After a rash of security flaws wreaked havoc upon millions of people who use Microsoft's operating systems, Steve Ballmer blew into Silicon Valley this week to make a public mea culpa in front of a roomful of industry executives.

Speaking at the Commonwealth Club, Microsoft's chief executive confessed to being "humbled" by the attacks, and pledged to redouble the software maker's efforts to make its products more secure.

I don't think a staged PR event will mollify angry computer users. Ballmer's handlers no doubt recognised the groundswell of resentment building in reaction to the security holes turning up in Microsoft software.

Still, there's a limit to how far you can pursue Microsoft for faults, real and imagined. The company obviously has a lot of work to do. But in assigning blame for the seemingly never ending series of cyberattacks, don't lose sight of the fact that the real culprits in this scenario are the bad guys who break the law by writing viruses.

And if you think the problem is confined to the struggles of one company, think again. This is a lot bigger than Microsoft. In a world populated by "thieves, con artists, terrorists and hackers" -- to borrow Ballmer's phrasing -- worm outbreaks like MSBlast may very well go down in history as mere child's play when compared with what's being hatched in some cave along the Pakistan-Afghanistan border.

The bigger worry is the slow-motion response of the federal government to attach the same seriousness to computer attacks that it does to terrorism. Unfortunately, the hired help in Washington just does not get it. If they do, they're going out of their way to disguise the fact. No less a personage than Richard Clarke is now blasting his former employer for taking a lackadaisical approach to protecting the nation's information infrastructure. A counterterrorism adviser to Presidents Bill Clinton and George W. Bush, Clarke is at a loss to explain the government's lack of urgency on combating cyberterror.

"The government is less capable now of securing its network than it was a year ago," said Clarke, adding that "the reorganisation of security into (the Department of Homeland Security) has, in the short term, made things worse."