Cyber Lessons Learned from the Gulf Oil Catastrophe

If there is one resounding lesson from the Gulf oil disaster, it is that depending on the private sector to protect one’s Nation and one’s natural resources doesn’t work. Various reports seem to indicate that BP is vetting all activities based on its own potential cost and not on the social costs that their decisions are inflicting upon others, particularly those on the Gulf Coast dependent upon clean water and beaches for their livelihoods, not to mention the countless sea creatures, birds and vegetation that are being destroyed.

On ABC News’s “Good Morning America” on Monday, May 31, 2010, Chairman of the Joint Chiefs Adm. Mike Mullen was asked by anchor and chief political correspondent George Stephanopoulos what the military can do to help cap the oil gusher and clean up the mess. You can see the interview at  in which you can hear Adm. Mullen discuss “whether military intervention is a viable solution.”

In the interview, Adm. Mullen was reportedly responding to remarks made the prior day by Colin Powell to the effect that “it’s time for a comprehensive, total attack on this problem.”. Mullen pointed out that the military does not have the necessary equipment, which the oil industry has, and therefore must rely on British Petroleum (BP) to deal with the gusher. That is to say, the government is at the mercy of private industry. It is also clear from various reports that BP management has its own agenda, of which one item is to minimize the company’s costs.

If we extend this view to other aspects of the critical infrastructure, particularly cyberspace, we see an equally bleak picture. For example, on the anniversary of President Obama’s May 29, 2009 speech on cybersecurity, Jack Goldsmith and Melissa Hathaway published an article, “The cybersecurity changes we need,” in the May 28, 2010 issue of The Washington Post, available at  In the article, they point out that the Obama administration “has made little progress toward this goal [of making the digital infrastructure secure, trustworthy and resilient] … largely because cybersecurity is seen as a tax on short-term economic growth.”

Are Goldsmith and Hathaway insinuating that White House economic adviser Larry Summers and his staff had put cybersecurity on the back burner in favor of the economic agenda? I addressed this in my June 15, 2009 column (yes, it’s been a year), “Here We Go Again … Demoted Security,” in which I suggested that cybersecurity and economic growth are not an either-or proposition. In fact, rather than being a tax on economic growth, cybersecurity can foster growth and protect and preserve its long-term continuation. Security really can be an enabler if done right.

I have also stated that there is great danger in the fact that no one is in charge of the critical infrastructure “commons” … see my May 18, 2010 column “What Richard Told Rachel.” The Gulf of Mexico oil fiasco is a good illustration of this.

Much as there are problems with government grabbing control of huge chunks of the private sector, even during crises, such takeovers and bailouts have recently been shown to work in the financial and auto industries, despite there also being some negative consequences. Perhaps there would be major benefits from government intervention into what is currently the private sector’s cyberspace. I think so. Depending on one’s point of view, we might not yet be facing an immediate cyber catastrophe (though others believe we’re already in one), but wouldn’t it be better to apply an ounce of prevention now rather than megatons of cure after a catastrophic cyber event?

One Comment

  1. Gary Hinson Jun 19, 2010 at 3:36 pm | Permalink


    You have a curious faith in the gummt. Do you really think that the gummt would have solved the oil well crisis if it had been in charge? Do you trust the gummt to secure cyberspace and critical infrastructure?

    Remind me: who was it that allowed 911 to happen? And Katrina? And …. well there’s no shortage of similar examples where the gummt responses, and especially their preventive measures, were demonstrably and patently lacking.

    Truth is that gummt, commercial industry and other groups and indiviuals are ALL fallible. What’s needed is more attention to risk mitigation, including (1) more investment in incident prevention measures, AND (2) decent contingency planning, with sufficient resources being prepared and kept in reserve to deal with the inevitable control failure that happen and will continue to happen despite (1). Implying that the gummt would not be in the same mess as BP is disingenious.


Post a Comment

Your email is never published nor shared. Required fields are marked *