Friday, November 13, 2009

U.S. Cyber Command-Too Little, but Not Too Late

Recent years have seen a huge increase in crime, infiltrations, and espionage conducted in cyberspace. Several large U.S. companies have been infiltrated and it is thought that cyber spies “steal $40 billion to $50 billion in intellectual property from U.S. organizations each year, according to U.S. intelligence agency estimates.” Just this week, the FBI busted a cyber ring that stole $9 million from over 2,000 ATMs around the world. The U.S. government has also had problems with cyber espionage. In 2007 alone, the Departments of Defense, Commerce, State, Energy, and NASA were all compromised and terabytes of information were stolen. Earlier this year the F-35 program was compromised. There is also an elevated threat of cyber attacks is because the only difference between cyber espionage and cyber attack is the intent of the hacker. Mike McConnell, a former Director of National Intelligence, stated recently that he thinks cyber attacks already have the capability of taking down the U.S. power grid.
Last month, the new U.S. Cyber Command was created underneath Strategic Command. The head of the National Security Agency, General Keith Alexander, has been put in charge of the new Cybercomm which is responsible for offensive and defensive cyber security. However, the new system protects only parts of the federal government, let alone civilian and private-sector infrastructure. President Obama, when announcing the new Cyber Command, remarked that the military cannot monitor the civilian Internet, but can only defend itself. One commentator remarked that is “like telling the military if there’s another 9/11 to protect the Pentagon but not the World Trade Center.” The Department of Homeland Security is supposed to defend the private-sector, but DHS does not have anywhere near the capability that the military has. Many civilian agencies, state and local governments, the White House, Congress, contractors, and businesses also need help securing sensitive information. Private businesses, including contractors, have been a huge target for cyber espionage and if the U.S. does not want to lose its technological advantage then private companies need to be protected as well.
The military, which includes the NSA, clearly has better capabilities than DHS. They would likely do the best job of defending the country in cyber space. However, many Americans are wary of the NSA and its history of domestic espionage, but where is the line between foreign and domestic in cyberspace? The U.S. would just create duplication and wasteful spending by creating separate cyber defenses. Americans need to adjust their expectation of “reasonable privacy” to permit the military operate in “domestic” and “civilian” cyberspace in order to prevent catastrophic harm. The divide between foreign and domestic intelligence contributed to the intelligence failure of 9/11. Such a divide would be huge in cyberspace where everything happens much faster. The U.S. needs to come up with a coherent cyber defense plan or it will remain extremely vulnerable to cyber attacks and espionage.

No comments: