My view: U.S. needs a better cyber defense

By Clifford D. May

Scripps Howard News Service

Published: Thursday, Dec. 9 2010 12:00 a.m. MST

p>The theft of hundreds of thousands of secret diplomatic cables and military reports was an act of espionage and treachery. Their release was an act of sabotage. The U.S. government's response to both has been frighteningly feckless.

First and most obviously, how is it possible that those responsible for security at the Departments of Defense and State did not foresee — and take measures that would have prevented — a 22-year-old Army private not just from accessing but also downloading such classified information? Officials up to and including the Secretary of State have said that the government was just attempting to break down the walls between various agencies. Credible? Not even close.

Second, after the first WikiLeaks document dump back in July, why did a computer worm or virus not find its way into WikiLeak servers and destroy them? Yes, that would have caused an uproar in some quarters. So what? Government spokesmen would do the one thing they know how to do: deny complicity or simply refuse comment.

Instead, Pentagon spokesmen are saying it's not that the U.S. lacks the means to put WikiLeaks out of business but that such a response would have been excessive in this particular instance. Really? As satisfying as it is for national security hawks like me to have hard evidence that Arab leaders are terrified by the prospect of nuclear-armed Jihadis in Tehran — and are demanding that America "cut off the head of the snake" — the fact is these disclosures will be hugely damaging to U.S. diplomatic efforts.

But the alternative explanation is that America's cyber warriors have not yet mastered their trade. If you don't grasp how consequential that is, listen to Mike McConnell who served as director of the National Security Agency under President Bill Clinton and as director of National Intelligence under President George W. Bush. Earlier this year, he told a Senate committee that the threat of cyber attacks "rivals nuclear weapons in terms of seriousness."

That's because enemy cyber combatants are developing cyber weapons that could shut down our electrical grid (causing blackouts of indefinite duration) or destroy the electronic records and processes on which our financial systems depend.

China or Russia would probably utilize such a capability only in the event of a serious conflict breaking out with the U.S., which is bad enough. But Iran for more than three decades has considered itself at war with "the Great Satan." President Mahmoud Ahmadinejad might view such a cyber attack as contributing toward his long-term goal: "A world without America."

Wouldn't we retaliate with a rain of fire? We might not know for certain Iran was responsible. It also is possible that Iran's current rulers wouldn't care if we did. "We do not worship Iran, we worship Allah," the Ayatollah Khomeini, leader of Iran's Islamic Revolution, said in 1980. "For patriotism is another name for paganism. I say let (Iran) burn. I say let this land go up in smoke, provided Islam emerges triumphant in the rest of the world."

Cyberspace is not the battlefield of the future — it's the battlefield of the present. If we didn't know that before we should know that now, thanks to Stuxnet, a computer worm that has worked its way into Iran's nuclear facilities and, encouragingly, done significant damage to them. Deductive speculation has led many to the belief that the Israelis developed this sophisticated search-and-destroy device. Did Americans partner with them? I hope so.

In his testimony, McConnell warned that we "lack a cohesive strategy" to meet the challenge of the cyber arms race now under way. Jim Lewis, director of the Center for Strategic and International Studies, has added that three years ago "we probably had our electronic Pearl Harbor. It was an espionage Pearl Harbor. Some unknown foreign power, and honestly, we don't know who it is, broke into the (computer systems of the) Department of Defense, to the Department of State, the Department of Commerce, probably the Department of Energy, probably NASA."

Since that time, building defenses that enemy cyber combatants cannot breach should have been a top priority for the White House and Congress. Will it become one as a result of the WikiLeaks fiasco? If not, what will it take?

Clifford D. May is president of the Foundation for the Defense of Democracies, a policy institute focusing on terrorism. E-mail him at cliff@defenddemocracy.org

Get The Deseret News Everywhere

Subscribe

Mobile

RSS