You may not realize it, but your home computer is a potential threat to national security. With an Internet connection and a few accomplished keystrokes, you have the ability to shut down electric and telecommunications grids, nuclear plants, water systems, subway trains, even the United States government. Yes, that seemingly innocuous eggshell colored box of metal and plastic on the desk beside you is capable of becoming a formidable weapon of cyber terrorism.
Soon, if you use your Dell or Mac in the wrong way, you may earn a life sentence in prison.
This past Monday, the House of Representatives overwhelmingly approved a bill that would allow for life prison sentences for malicious computer hackers. H.R.3482, otherwise known as the Cyber Security Enhancement Act (CSEA), was passed on a 385-3 vote. Only Ohio Democrat Dennis Kucinich, Texas libertarian Ron Paul and Republican Jeff Miller of Florida stood up against it. It will now head for the Senate.
“Until we secure our cyber infrastructure, a few keystrokes and an Internet connection is all one needs to disable the economy and endanger lives,” said the bill’s sponsor, Lamar Smith, R-Tex. “A mouse can be just as dangerous as a bullet or a bomb.”
If you bother to ask any well-informed computer security expert, chances are she may tell you computer systems are routinely left wide open to attack due to lazy system administration, easily guessed passwords, out-dated firewalls, and a general lack of virus software. In fact, the number one threat to computer network security is not America-hating terrorists, but disgruntled and careless employees.
Will the employee with a grudge who takes down an e-commerce site for the afternoon be subjected to life in prison? Under the provisions of this bill, it is a distinct possibility a bitter or vengeful employee who has tampered with a computer network will never see the light of day again, that is if it is decided “the violation was intended to or had the effect of significantly interfering with or disrupting a critical infrastructure.” Of course, we may argue if eBay is a “critical infrastructure.”
Easily compromised e-commerce web sites and corporate networks aside, it would seem our government – ever so security conscious since the calamitous events of 911, as we are continually reminded – needs to shore up its own glaring vulnerabilities before passing draconian laws that will ultimately prove useless so long as networks remain easy pickings for hackers.
Back in May, for instance, the Navy was forced to take down an important computer network after hackers gained access to employee passwords and other vital user information. While SPAWAR – the San Diego-based Naval command that serves as the information technology provider for the entire US Navy – assured the public no classified information was snatched, the incident was not only a major faux pas, it also demonstrated how easily the military’s computers can be hacked. Over the last few years, dozens of military and government sites have been hacked and defaced with relative ease.
Finally, while civil liberties groups have objected to portions of CSEA, big corporations such as WorldCom and Microsoft have fervently endorsed it.
Any endorsement by WorldCom – the now infamous cooker of books and purveyor of other financial misdeeds – should be viewed as nothing less than seriously tarnished and thus its endorsement should be discarded out of hand. Microsoft’s endorsement is nothing short of ludicrous, considering it is the most prolific dispenser of security compromised software on the planet. Instead of backing ineffectual laws aimed at life sentences for hackers – most of whom will have no association with the likes of Usama bin Laden – Microsoft should go back to the drawingboard and engineer secure email and server software.
As for the government, they need to make sure their own house is in order before drafting and passing more wasteful and unnecessary legislation.
Kurt Nimmo is a photographer and multimedia developer in Las Cruces, New Mexico. He can be reached at: firstname.lastname@example.org