I have heard all the claims. When I was a Deputy Assistant Secretary of Defense, every time we tried to do something – in this case, develop cyber security capabilities – we were accused of cravenly seeking new budget allocations. After leaving government in 2008, I joined a large Tech company and began to push for better cyber security, both in government and in the private sector. I was accused of focusing on the issue so the firm could sell useless products and services to the hapless government drones who didn’t know any better. Soon I will be moving to a think tank, the Heritage Foundation, where as part of my portfolio (Homeland Security and Defense), I will have cyber issues. I will continue to hammer the need for better cyber practices, policies and products. I guess I will be accused of some sort of hidden agenda there too.
What is my point? Frankly, the ONLY reason I have been, am now, and will continue to push cyber as a key issue is that I believe it is one. I also believe it has not been adequately addressed by the various parts of our multi-level governmental and private sector system.
If I sound defensive, I apologize. I recently read an article by Thomas Rid in the March/April edition of Foreign Policy, titled “Think Again: Cyberwar.” Rid spends the entire time debunking all the possible “myths” that have been fobbed on the country about cyber threats. He is a scholar from the UK, has written several books, all claiming that cyber is not an issue. I sincerely wish he were correct. He is sincerely wrong.
I cannot speak for the motivations of every individual in the cyber-politico ecosystem. Some are surely in it to make money or a big name. Here is the surprise folks – most of us are in it because we care, we have done the homework, and believe it is a huge and growing problem. We want to help, to be a part of the solution, and last time I checked, darned few were getting rich doing it.
People who simply wave a hand at problems because the threat has not come to fruition as yet, and say, “See, that was wrong,” do not help. Those who dismiss problems that are today smaller issues than we may have predicted, and say, “clearly that is not a problem at all” are wasting time, diverting potential energy and resources, and frankly hurting the defense / responses of our democracies.
The intelligence, operational, and business communities of this Nation have to have vision. They have to base that vision on incomplete and developing evidence around them. They have to then recommend and take action. Sometimes they are wrong, sometimes they are too slow, sometimes they spend money that in hindsight might have been better used elsewhere. Yes, that is all true, but it is hardly relevant. These folks are the “Men in the Arena,” from Teddy Roosevelt’s famous April 1910 speech. To impugn their motives is wrong and singularly unhelpful. Those carping from the sidelines are “those cold and timid souls” of which TR also spoke.
The logical conclusion from Rid’s walk down Denial Lane is that none of this cyber stuff is an issue at all. It’s all hype and bluster. Guess what, Mr. Chamberlain thought that about the little paper hanger too. On Sept. 10, 2001, we didn’t think an enemy could steal a couple of commercial airplanes, crash them into some buildings and bring our Nation to a screeching halt. If we dither, we get surprised. Denying threats does not make them go away.
The cyber threats this country faces are real. Stop listening to scholarly but very wrong-headed treatises and start joining the effort to do the right thing. It’s worth a lot more than pontificating, even when one does it in prestigious journals.