In your book Cyber War, you spell out what the U.S. needs to do to protect itself digitally. What are three priorities?
Job One would be to have the government work with Internet service providers—the half dozen companies that operate the big pipes through which all the data traffic comes into the country—and require them to be looking for specific attacks. I don't want the government to do the actual scanning because that raises privacy issues.
What's the second job?
Securing the power grid. Making sure that the networks and systems used to control it aren't connected to the Internet, where they can be attacked. Then you make sure there's a diversity in the operating systems being used, and, where possible, use proprietary operating systems.
Aren't power utilities already required to lock their systems down?
They are. The only problem is that the Federal Energy Regulatory Commission doesn't have the audit capability to find out if they're complying with the regulations.
And the third thing you'd do?
Start thinking about fundamentally re-architecting the Internet. We're still using the basic architecture that Vint Cerf came up with 30 or 40 years ago. I'd start putting some R&D money into efforts to see if there are other ways of running the Internet than the system we developed back when we thought everyone using it would be honest.