The Department of Defense wants access to private computer systems in the name of cybersecurity. In addition to being a privacy nightmare, CIO.com columnist Rob Enderle says a centralized information sharing system will actually make the United States more susceptible to cyber attacks and suggests an alternate approach to cybersecurity. Last week Defense Secretary Leon E. Panetta presented his case for an invasive system to monitor the nation’s private systems in order to better identify and respond to cyber threats.Panetta correctly points out that the likelihood of a 9/11 scale cyber attack is real—and if something isn’t done, large sections of the U.S. infrastructure could fail. He uses as an example the successful attack on ARAMCO, a Saudi Arabian state owned oil company, which wiped 30,000 computers, causing massive data loss and rendering them temporarily useless. News: Future Cyber Attacks Could Rival 9-11, Cripple US, Warns Panetta Get the latest IT news and analysis from Constantine von Hoffman’s IT Security Hack blog The proposed remedy is to provide the U.S. government with broad access to private systems so that malware can be quickly identified and removed and other national threats identified and stopped. The problem is that such access creates privacy issues and may itself be a bigger problem than the threat it attempts to eliminate. Not only is the requested change unlikely to happen any time soon, it may increase the potential for either a domestic or foreign cyber attack.Central Network Eliminates Natural ProtectionOne hidden benefit in the fact that our systems often don’t share information well or have a common security structure is that attacks against infrastructure therefore have to be tightly targeted. This means an attack on one private or public system probably won’t even work on most others, since they run a variety of different security packages, operating systems and applications, all surrounded by different policies. One of the reasons we haven’t yet had a repeat of 9/11—that is, an attack that reaches catastrophic levels—is because these systems just don’t interoperate very well or share information at a low level. The amount of work to carry out such an attack currently exceeds the resources of the attackers.Create a central network where systems regularly and automatically share information in real time, though, and you also create a single point of access where such an attack can be perpetrated. You change an impossible problem into one that is just very difficult—and, given both public and private practices to put off spending on security until there is a credible threat or demonstrated damage, attacking this centralized system will likely get easier over time for an outside entity and may be too attractive for a properly placed disgruntled employee to pass up. Commentary: Failure of Senate to Pass Cybersecurity Act Leaves Us All At Risk Blog: Security Pros Blast US Cybersecurity LawsThe government’s recent history with security is a case in point. The death of the U.S. Ambassador to Libya showcased a situation in which the risks were real, and known, yet protections were reduced. After the attack, the political system focused on finding someone to blame, not assuring that the problem wouldn’t recur.In short, the very system Panetta is suggesting could be the key to causing the thing he is trying to avoid. A Better Short-Term Cybersecurity SolutionI see several things the government could do instead.Strengthen liability laws in order to fast-track the process for compensating companies that suffer damage caused by inadequate protection. Assure that compensation came from the budgets of the government organizations whose systems were targeted, in a manner similar to the way insurance companies pay out settlements. This would force agencies to increase their security budgets and audit the results to ensure they aren’t too exposed. Provide a common, required reporting method to report an identified attack along with a requirement for minimal legal coverage.Analysis: How the U.S Can Avoid a ‘Cyber Cold War’All this could all be done without connecting the systems or creating a central government body to access them. There would be little additional government cost and few, if any, privacy concerns for anyone not perpetrating or directly connected to an attack. In short, such a plan would promote a higher level of prevention through better-funded protection.‘Cyber 9/11’ Will Only Be Followed By More, Worse AttacksPanetta’s plan suggests that an attack is unavoidable. The problem with a method that almost assumes an attack will happen, or requires a successful attack in order to be implemented, is that it usually does more harm than good. After 9/11, poorly planned responses crippled the airlines industry and nearly bankrupted the country—and the integration of government communication systems that could have prevented the event in the first place is still not complete.The real concern is that we do, in fact, get hit with a 9/11 cyber attack, as the Department of Defense has anticipated, and that the response to the event either creates an even bigger financial or privacy problem or sets the stage for a much larger attack. None of these are mutually exclusive. Unfortunately, we need to anticipate such a dire outcome. If you are driven to interconnect your systems nationally, then doing it quickly, let alone at all, would be a very unwise idea.Rob Enderle is president and principal analyst of the Enderle Group. Previously, he was the Senior Research Fellow for Forrester Research and the Giga Information Group. Prior to that he worked for IBM and held positions in Internal Audit, Competitive Analysis, Marketing, Finance and Security. Currently, Enderle writes on emerging technology, security and Linux for a variety of publications and appears on national news TV shows that include CNBC, FOX, Bloomberg and NPR.Follow everything from CIO.com on Twitter @CIOonline, on Facebook, and on Google +. Related content feature 10 most popular IT certifications for 2023 Certifications are a great way to show employers you have the right IT skills and specializations for the job. These 10 certs are the ones IT pros are most likely to pursue, according to data from Dice. By Sarah K. White May 26, 2023 8 mins Certifications Careers interview Stepping up to the challenge of a global conglomerate CIO role Dr. Amrut Urkude became CIO of Reliance Polyester after his company was acquired by Reliance Industries. He discusses challenges IT leaders face while transitioning from a small company to a large multinational enterprise, and how to overcome them. By Yashvendra Singh May 26, 2023 7 mins Digital Transformation Careers brandpost With the new financial year looming, now is a good time to review your Microsoft 365 licenses By Veronica Lew May 25, 2023 5 mins Lenovo news Alteryx works in generative AI for speedy analytics results OpenAI integration and AI wizardry for report generation are aimed at making Alteryx’s analytics products more accessible. By Jon Gold May 25, 2023 3 mins Analytics Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe