One of the most difficult challenges facing the U.S. government today is the constant threat of cyber attacks from tech savvy rivals such as China. Freelance cyber "guns for hire" foreign nations can steal information, undermine the national economy, and spy on our nation's military readiness with little fear of retaliation. While the armed forces and U.S. intelligence agencies have invested large amounts of money in preventing such breaches, a recent war game highlighted just how soft the U.S. is when it comes to cyber defense.
Last Thursday wrapped up a two-day war game testing our nation's cyber security readiness against hostile threats. The exercise, perhaps the largest and most ambitious yet, was carried out by 230 representatives of government defense and security agencies, private companies and civil groups. The conclusion -- the U.S. is unprepared to defend itself against cyber attackers.
The war game highlighted numerous problems including flaws in leadership, planning, communications and other issues, according to the testers. Experts note some improvements since a year ago when President George W. Bush instituted a broad new cybersecurity initiative. However, they say that the defenses are still far from adequate. Senior vice president Mark Gerencser of the Booz Allen Hamilton consulting service who hosted the games states, "There isn't a response or a game plan. There isn't really anybody in charge."
Democratic U.S. Rep. James Langevin of Rhode Island, chair of the Homeland Security subcommittee on cybersecurity, woefully concurred, "We're way behind where we need to be now. This is equivalent in my mind to before Sept. 11 ... we were awakened to the threat on the morning after Sept. 11."
U.S. Rep. Dutch Ruppersberger of Maryland, the Democratic chairman of the Intelligence subcommittee on Technical Intelligence, says that billions must be poured into shoring up the cyber defenses which is currently full of holes. Rep. Ruppersberger cites the recent cyber warfare campaign by Russian supporters in Estonia and Georgia as an example of how devastating foreign cyber assaults can be on an unprepared nation.
The war games were set in a very applicable scenario -- escalating attacks during a period of economic instability. Participants had to try to work together to develop strategies to fight the attacks. The test was perhaps the largest to date as it encompassed both the free market and the government sectors.
Homeland Security Secretary Michael Chertoff at the end of the exercise signed off warning participants that cyber attacks will be used in the future to soften nations in preparation for invasion. They will also become a tool used by terrorists, he warns. New international laws and military doctrines must be put in place, he believes, to prevent unchecked aggression and cyber arms races. Uncertainty is a critical flaw without government's current defense plan, he believes. He states, "We know that if someone shoots missiles at us, they're going to get a certain kind of response. What happens if it comes over the Internet?"
There is dissent, though on how to solve the problem. Rep. Ruppersberger believes a "cybersecurity czar" is the best solution as it will give the president a direct line to the critical state of the nation's network defenses. However, Chertoff and Gerencser do not currently support this idea.
Rep. Ruppersrberger did state optimism that the state of cyber security can change, and praised President-elect Barack Obama for making cybersecurity a major priority thus far.
However, there are many tricky issues that remain, such as the question of how to finance the massive government-sponsored security overhaul needed and how to answer public doubts. While one-party regimes such as China, have found it easy to force such efforts on the public, here in the U.S. convincing the public that such initiatives are necessary and positive is a much taller order. Many are uneasy with the expansion of government and decreased privacy rights that such initiatives would yield.
quote: 3) Funding should come from existing budgets by cutting 5 % or more from every dept & transfering it to this effort/issue of cyber security.