Heartbleed portends larger security threats

Coverage Type: 

[Commentary] Tens of millions of Americans have been affected by the theft of their personal information in the digital age. Then, it was discovered that a bug had crept into OpenSSL that could allow intruders to read encrypted data contained in memory, such as passwords or credit cards. The bug has been called “Heartbleed” and could allow attackers to eavesdrop on communications, steal data and even impersonate users and Web services. We’re tempted to say this ought to be a wake-up call, but we have already had so many wake-up calls.

To put it bluntly: As a country and as a society, we have come to depend on a vast, interconnected system; if one small part fails, the impact is widespread. As noted in a forthcoming Atlantic Council report, the Internet was created to be based on trust, not security. Yet we continue to discover that it is vulnerable to theft, intrusion and disruption on an appalling scale. We are living in an age of growing danger but reacting with complacency.

The Administration unveiled a useful initiative, promising that sharing cyberthreat information among companies would not bring on antitrust liability. But this, and President Barack Obama’s other measures, including his voluntary cybersecurity framework, represent only what is doable given a continued lack of a consensus in Congress and a failure in the private sector to take all threats more seriously. They are timid measures in the face of an epic heartburn that will be costly for us all.


Heartbleed portends larger security threats