As we start the second decade of the 21st century, America’s Intelligence Community (IC) finds itself pressed to deal with the “Wild West” frontier of an ever-expanding cyber space.
From Twitter to blogs to e-mail, the changes are coming hard and fast for governments, businesses and individuals worldwide – accelerating at a dizzying pace in the past five years. For a 20th century institution like the U.S. IC, it is hard to keep up with what is a threat, what is not and what to do about it.
Some things stay the same. Nation states like China and Russia continue to steal political and military secrets but now use cyber space to do so. However, less traditional entities now play the game as well and appear to be dominating the field.
Non-nation state players like Al Qaeda and their affiliates recruit and push anti-Western agendas around the world on the net. “Flash-mob” anarchists assemble their Guy Fawkes masks to wreak havoc on whatever their perceived miscreant of the day may be – both public and private entities. And too long oppressed people throughout the world now mass through cyberspace to overthrow despotic governments.
Polar Opposites
Despite organizational changes like the NSA-based Cyber Command, American intelligence suffers in the cyber world from age and ethos. It was built in the mid-20th century to defend and detect the nefarious activities of nation states. In particular, it was designed to compete with the slow moving Soviet Union. The IC mirrored its secretive nature, focused on capturing government secrets and relied on the assumption of borders and other nation state barriers.
The Internet is nearly the polar opposite of the IC. It was built in the libertarian world of the late 60s and expanding exponentially since the late 90s maintains its goal to exchange information freely among individuals. With this spirit, it has exploded in the last decade to become an entirely new dimension – like land, sea, air and space.
Don’t get me wrong. Washington is not ignorant of the fact that connections between the day-to-day life of people around the world and the cyber world have deepened beyond imagination. Its own military practices “net-centric warfare” pushing information down to lowliest private in the field. It understands anyone with a cell phone and Blackberry can reach out anywhere in a matter of seconds. And, our business community, with over 90 percent of the country’s assets, sells and controls its day-to-day operations through the net.
The Challenges At Hand
The challenges for the American policy maker and the IC are simple and yet hugely complex: what is a threat, how to detect the threat, and how do you deal with a threat in this huge, ever-expanding frontier.
Washington policymakers face the ugly fact that the net was built for speed and information sharing, not for security. Security on the net has always been done on the cheap and as an afterthought. The system is terribly vulnerable to those who wish to do harm.
So what should American intelligence take on in this land of smoke and mirrors? Does a cyber raid into a military firm’s secrets in California constitute a national threat? If so, and the raid takes place, how do we find the miscreants in a system noted for its complexity? And if we do, how do we know their motivations?
For example, does a group of angry Chinese nationalist college students in Shanghai constitute a threat to America? Are they working for the local intelligence bureau or themselves?
How does the IC protect America’s vulnerable private sector. U.S. firms are totally reliant on the net from internal operations through sales. Does closing down the website of a bank constitute a threat worthy of IC concerns?
Overseas, how can American intelligence keep up with the velocity of information on the Internet that triggers change? The Arab Spring and events in Iran show how quickly the use of Twitter and the other parts of the net can foment revolution. The warning capabilities of the current IC’s 20th century system are going to be continuously and severely tested in our new age. So far, by our own admission, we appear not to be passing the grade.
In the final analysis, the IC must adapt to this new age. But it clearly needs a doctrine to follow that only the policy makers can provide. Ultimately, when you try to protect and detect everything, you protect and detect nothing and set yourself up for failure.
