The Department of Homeland Security has been at the mercy of the White House, and nowhere has there been a greater concern than in the seeming lack of urgency in filling vacant positions. What else (other than incompetence) could explain the failure of this Administration to fill the multitude of vacant and dual-hatted positions in DHS leadership? As President Obama is likely to say in his Tuesday night national address, America must take action. Concerning DHS, the President should follow his own advice.
At the beginning of June, NATO held the first Alliance meeting of ministers dedicated exclusively to the subject of cyber defense. this comes at a time when countries are strapped for funds and citizens have little appetite for additional defense expenditures. In the months ahead, NATO will decide how to support members that are the target of cyber attack and request aid. As always, the real test resides in the manner and extent to which agreed-upon principles are operationalized.
In 1999 a technology manager called Kevin Ashton coined the phrase “The Internet of Things”. Today, these “things” now include elements of our critical national infrastructure via what are called SCADA (Supervisory Control And Data Acquisition) systems or ICS (Industrial Control Systems). Unfortunately, these systems can be just as vulnerable to attack as our laptops.
Senior US intelligence officials, including Director of National Intelligence James Clapper and National Security Agency (NSA) Director, Army Gen. Keith Alexander, last month continued the cyberwar drumbeat with warnings to Congress that the US is woefully unprepared for a major cyberattack against critical infrastructures.
You have heard the saying, if it walks like a duck, quacks like a duck, and looks like a duck, it must be a duck. News sources and government officials tell us we live in a world of constant cyber attack, so we must be at war, right? In cyber world, this kind of talk is harmful and obscures the new world in which we really exist. We are not at war – we are in conflict, and some of the tools we are using cross interesting and controversial 20th-century political lines.
When I attend various meetings around DC on cyber issues, I often see confusion and challenge – good people trying to resolve confusing issues, wrestling with individual – as well as the country’s – social and political demons. Cyber is a new kind of land. It has no physical dimension. There are no borders or boundaries, and everyone seems to be a part of something that no one can control. People in DC are bit lost right now, and there are some distinct cultural reasons why.
The Jainists of India have a parable. It is the story about the blind men feeling the elephant – each one feels something different. Watching the Federal government roll out a cyber “strategy” over the past couple of week has felt just that way. The cyber-elephant is a vast and ever-expanding body, and Washington is mucking around this way because of two basic problems. In its simplistic form, the first challenge is definitional and the second challenge is doctrinal.
National security leaders like Leon Panetta, Janet Napolitano and even President Obama have been telling members of Congress and the country that unless immediate action is taken, the United States will suffer cyber attacks guaranteed to shut down our power, communication, financial and water infrastructure sectors. Well, I’m not buying it. The politics of fear is a D.C. classic.
The New York Times recently admitted it had been raided by Chinese “privateers,” stealing reporter’s notes and sources. With this act by the Chinese, we now face clearly the idea that a nation-state can try to enforce its will on an individual private actor inside the United States. Moreover, they have done so to an actor that is not a part of the national security or industrial base. This act must be responded to swiftly and aggressively. And Washington seems not yet prepared to deal with it.
Yogi Berra once observed after two of his teammates smacked back to back homers, “it was déjà vu all over again.” His wisdom applies to cyberspace in 2013 – it is going to be déjà vu all over again. Here are four likely Cyber Challenges we will encounter this year. None of these challenges are “fatal.” They are simply the challenges at hand.