Even teenagers can defeat U.S. network security

Will the U.S. government ever step up to the plate and properly defend the nation in cyberspace?  

I. Government Has Already Flunked the Cybersecurity Test

That's the pressing question as Democrats and Republicans in the U.S. Senate bicker over a pair of proposals designed to offer some improvements to the nation's overall extremely poor state of cybersecurity.

The U.S. has flunked the "real world" security test. [Image Source: The Evergreen Foundation]

The situation as it stands is dire.  Tech-savvy teens in the last year have humiliated government IT departments, shutting down or hacking government websites, while the government has been unable to find a way to shut down these hackers' homepages, such as "LulzSec".  

These days even teens can outwit the U.S. government's internet security.
[Image Source: Financial Times (left); Michael Mayer (right)]

Meanwhile the U.S. is still grappling with the fallout of giving a low ranking private in the U.S. Army complete, virtually unrestricted access to the entire body of U.S. diplomatic cables and a great deal of military footage.  

The soldier -- a teen at the time -- then passed the information on to Wikileaks, a fame-and-fortune-seeking "leaks" brainchild of ex-Australian college professor Julian Assange, who resorted to creative Hollywood editing to make U.S. attacks on armed militants look like the murder of unarmed civilians (see the scandal regarding the unedited "Collateral Murder" video).  The loss could well end up costing lives, a prospect that allegedly delights the WikiLeaks founder, who is quoted by a prestigious British journalist (and supported by several other journalists who were at the meeting) as stating that those who cooperate with U.S. forces in the Middle East are traitors to their people and "deserve to die" (Assange denies saying this, calling the journalists liars).

Military secrets leaked and subsequently doctored by Wikileaks have been a massive PR setback for the U.S. military and its allies -- one which may cost lives.

This was just one high profile example in a long string of horrific data losses for the hapless government agencies [1][2][3].

But all of those embarrassments stand secondary to the far more dangerous threat from America's economic superpower rival, China.  At a time when there's strong impetus in the U.S. to downsize the federal government and cut programs, the nation is also grappling with the reality of a Chinese government that has no such concerns and is more than willing to reportedly spend billions on its own cyberoffensive programs.  

While the U.S. government recently drafted strict rules about when it can cyberattack other countries, China seems to have no such scruples.

U.S. agencies have proved woefully incapable of protecting their data against Chinese hackers.
[Image Source: Asia Society]

China has stood accused of conducting massive intellectual property theft, hacking into financial institutions, stealing government information, and compromising U.S. Department of Defense systems.  The problem is that America is unable to retaliate in any meaningful way. The American economy is predicated on China manufacturing the goods U.S. companies "design", and hence the nation cannot hope to respond with economic sanctions.  At the same time, its lack of security competence limits its bloodless counter-offensive options.

II. Defending the Nation?  It's Congress's Constitutional Duty

Article 1, Section 8 of the U.S. Constitution, the foundation of the U.S. government, clearly grants Congress the power:


The Congress shall have Power To lay and collect Taxes, Duties, Imposts and Excises, to pay the Debts and provide for the common Defence and general Welfare of the United States; but all Duties, Imposts and Excises shall be uniform throughout the United States;

To raise and support armies, but no appropriation of money to that use shall be for a longer term than two years;

To provide and maintain a navy;

To make rules for the government and regulation of the land and naval forces;

To provide for calling forth the militia to execute the laws of the union, suppress insurrections and repel invasions;

The U.S. Congress has been ineffectual in legislating funding and creating proposals outlining a sensible digital "common Defense" of the nation -- i.e. a "militia" (say, competent contracted security officials) or a digital age army (such as China has built).

In other words, when it comes to their Constitutional responsibility to protect the U.S. against invasions -- including cyberinvasions -- both parties in Congress have failed.  Yet the American people remain largely apathetic about these failures and continue to vote for their party of choice, while doing little to voice public discontent over America's ongoing losses in the global cyberwar.

III. U.S. Senate, House Can't Agree on What to do

In the Senate, U.S. Senator Harry Reid (D-NV) has proposed a broad bill that would pay for improvements to the government security infrastructure.  The bill would authorize the Department of Homeland Security (DHS) to crack down on IT incompetence in the various federal agencies.  It would also authorize the DHS to crack down on similar poor practices at U.S. government contractors, such as Lockheed Martin Corp. (LMT), whose F-35 Lightning II fighter program was infiltrated by foreign spies.

The bill has strong Democratic support.  Other co-sponsors include Sens. John D. "Jay" Rockefeller IV (D-WV) and Dianne Feinstein (D-CA).  But the bill also has a degree of bipartisan support, as it is co-sponsored by Sens. Joseph Lieberman (I-NH) and Susan Collins (R-ME).  Sen. Collins' mentor is Sen. Olympia Snowe (R-ME), who recently announced that she would not seek reelection as she could not stand the partisan conflict that has infected Washington D.C.

That conflict threatens to sink the Reid bill, as strong opposition from the Republican majority is overwhelming the minority in the party who support the measure.  Senator Saxby Chambliss, Jr. (R-GA), states [press release], "More government is seldom a solution to any problem."

Sens. Chambliss and former 2008 presidential candidate John McCain (R-AZ), along with 6 other high-ranking Senate Republicans have sponsored an alternate bill [press release].  Reuters describes the bill as "softer".  That bill would not provide any additional funds to U.S. cybersecurity or authorize increased DHS oversight of IT/contractors.  Instead, it would step up "information sharing" efforts between the U.S. gov't agencies and contractors regarding threats.

Sen. John McCain opposes the Reid bill to fund cybersecurity. [Image Source: kwout]

Sen. McCain lauded the bill as implementing far less regulation than Sen. Reid's proposal.  He states, "We believe that ensuring our nation's cybersecurity is critical. We have a bill that would do plenty to meet current challenges."

It should be noted that Sen. Reid's bill also includes proposals to increase information sharing.  Responding to the criticism, he stated, "I look forward to a debate on the Senate floor that will ensure this bill and other proposals get a fair hearing, and which will allow thorough consideration of amendments to improve the legislation."

While the Republicans are in the minority in the U.S. Senate, they do have strong support on the bill from the telecommunication industry, which is wary of increased regulatory powers to the DHS in the Democratic bill.  

Industry officials also enjoy a close relationship with the bill's sponsor, Senator McCain.  AT&T, Inc. (T), America's second largest mobile carrier and a major ISP, has provided free service to Sen. McCain's ranch complex in Ariz.  And telecoms/ISPs have heavily financed Sen. McCain's Senate and Presidential runs, raising millions for him, favors he returned with hundreds of millions of dollars in tax cuts and tax holidays.

USTelecom President Walter McCormick offered glowing praise for the McCain measure, stating, "We can support the bill introduced today because it pursues those objectives without creating new bureaucracies or regulatory mandates that would erode, rather than enhance, the ability of network providers to provide nimble and effective responses to cyber threats."

The question is whether "information sharing" would do enough to improve the ineffectual cyberdefenses of the U.S. nation against threats from the Chinese and others to water supply, electric grid, financial networks, and transportation infrastructure.

The U.S. House of Representatives' efforts are still in their earlier stages, but they include a bill similar to Sen. McCain's Senate proposal, authorizing the Pentagon to conduct two-way sharing of information with ISPs and contractors regarding threats.  The bill passed a procedural vote by the House's Permanent Select Committee on Intelligence and will be headed to a vote on the House floor sometime later this year.

Congressional cybersecurity efforts have stalled. [Image Source: U.S. Congress]

But the Democratic minority in the Republican-controlled House is expected to be crafting their own counterproposal.  Thus partisanship may stall legislative efforts in the House, much as the rancor is currently sinking the Senate bills.

In the last five years similar bills have been proposed and slowly died.

IV. Will Someone Who Cares, Please Step up

Howard Schmidt, the White House cybersecurity policy coordinator, is hopeful that Sen. Reid's measure passes.  But amid the partisan rancor he's not counting his digital eggs before they hatch.  He instead is pushing government agencies to reinterpret current authorization bills and work to promote self-defense of the private sector, aware that Congress may not be able to reach the compromises necessary to defend the nation.

In that way the White House may try to sneak increased cybersecurity regulation "in the back door" via existing programs.  But such efforts stand a strong chance of winding up in court, as contractors may sue the federal government if it adopts what they view as unauthorized regulation.

No one seems interested in solving America's cybersecurity problems. [Sen. Collins]

Ultimately at the end of the day all parties involved -- the majority of U.S. businesses and the U.S. government -- are lukewarm on providing strong cybersecurity.  That's not to say their half-hearted efforts have come for free.  Both the government and private sector pay a lot for cybersecurity.

An overt attack by China is unlikely -- they are as economically dependent on the U.S. as the U.S. is on China.  However, China appears to be opting instead to use its steady cyberattacks on the U.S. for financial and technological gains.  The nation has made tremendous progress in its stealth fighter and space programs, progress many U.S. officials believe was fueled by stolen U.S. government secrets.

But in an era where China is conducting almost open for-profit cyberwar against the U.S. and amid a string of embarrassing security breaches to amateur attention-seekers, the efforts are clearly not enough.  The problem is that few seem willing to pay the high cost of providing a strong security solution.

At the end of the day, this means that until something changes, the embarrassments for the U.S. government will likely continue.  And China will enjoy a faster path towards its goal of displacing the U.S. as the number one global financial power.

And for skeptics eager to smash that analysis as alarmism, listen to Sen. McCain [press release]:

All of us recognize the importance of cybersecurity in the digital world. Time and again, we have heard from experts about the importance of possessing the ability to effectively prevent and respond to cyber threats. We have listened to accounts of cyber espionage originating in countries like China; organized cyber criminals in Russia; and rogue outfits with a domestic presence like ‘Anonymous,’ who unleash cyber-attacks on those who dare to politically disagree. Our own Government Accountability Office has reported that over the last five years, cyber-attacks against the United States are up 650 percent. The threat is real.

He's certainly right about that.

Sources: John McCain [press release], Reuters

Copyright 2018 DailyTech LLC.