By Marc Goodman
Marc Goodman has spent a career in law enforcement and technology. He has served as a street police officer, senior adviser to Interpol and futurist-in-residence with the FBI. As the founder of the Future Crimes Institute and the Chair for Policy, Law, and Ethics at Silicon Valley's Singularity University, he continues to investigate the intriguing and often terrifying intersection of science and security, uncovering nascent threats and combating the darker sides of technology. Follow him on Twitter: @FutureCrimes.
Of the 6, 494 words President Obama uttered in his January 2015 State of the Union Address, only 108 of them were dedicated to the topic of our growing technological insecurity. Sure, the leader of the free world has a lot on his plate, but the President's legislative proposal to "enhance information sharing" and "mandate national data breach reporting" are likely to have a minuscule impact on a serious and growing problem.
Indeed, suggesting these measly offerings would make any meaningful difference in our global cyber security is akin to applying sunscreen and claiming it protects us from a nuclear meltdown - wholly inadequate to the scale and severity of the problem. It is time for a stone-cold, somber rethinking of our current state of affairs. It's time for a Manhattan Project for cyber security.
The major hacking incidents over the past few months, whether it was the Sony Pictures attack allegedly carried out by North Korea or the hundreds of millions of accounts penetrated at Target, Home Depot and JPMorganChase purportedly by Russian organized crime, make it clear that all our online data - whether financial, personal or intellectual - is at risk.
But we have a bigger problem: Computers run the world. They run our airports, our airplanes, our cars, our hospitals, our stock markets and our power grids-and these computers too are shockingly vulnerable to attack. Though we're racing forward at breakneck speed to connect all the objects in our physical world - the tools we need to run our society - to the Internet, we still fundamentally do not have the trustworthy computing required to make it so. We've wired the world, but failed to secure it.
Indeed, it has become plainly clear that we can no longer neglect the security, public policy, legal, ethical, and social implications of the rapidly emerging technological tools we are developing. We are morally responsible for our inventions and though our technological advances are proceeding at an exponential pace, our institutions of governance remain decidedly linear. There is a fundamental mismatch between the world we are building and our ability to protect it. Though we have yet to suffer the sort of game-changing, calamitous cyber attack of which many have warned, why wait until then to prepare?
There are good examples in history where we as a society have brought together expertise in anticipation of catastrophic risk before it occurred. When it was discovered in 1939 that German physicists had learned to split the uranium atom, fears quickly spread throughout the American scientific community that the Nazis would soon have the ability to create a bomb capable of unimaginable destruction. Albert Einstein and Enrico Fermi agreed that President Franklin Delano Roosevelt had to be apprised of the situation.
Shortly thereafter, the Manhattan Project was launched, an epic secret effort of the Allies during World War II to build a nuclear weapon. Facilities were set up in Los Alamos, New Mexico, and Robert Oppenheimer was appointed to oversee the project. From 1942 to 1946, the Manhattan Project clandestinely employed over 120, 000 Americans toiling around the clock and across the country at a cost of $2 billion. Those working on the Manhattan Project were dead serious about the threat before them. We are not.
While no sane person would equate the risks from the catastrophic impact of nuclear war with those involving 100 million stolen credit cards, we must surely recognize that the underpinnings of our modern technological society, embodied in our global critical information infrastructures, are weak and subject to come tumbling down either through their aging and decaying architectures, overwhelming system complexities or via direct attack by malicious actors. It's high time for a Manhattan Project for cyber security.
I'm not the first to suggest such an undertaking; many others have done so before, most notably in the wake of the September 11 attacks. At the time, a coalition of preeminent scientists wrote President George W. Bush a letter in which they warned, "The critical infrastructure of the United States, including electrical power, finance, telecommunications, health care, transportation, water, defense and the Internet, is highly vulnerable to cyber attack. Fast and resolute mitigating action is needed to avoid national disaster."