A war we can fight to win
How to combat the biggest security threat you've never imagined.
By Ken Adelman
There's an old adage about horsemeat: The more you chew, the bigger it gets. There's a new adage about cyberthreats: The more you know, the scarier they get.
Cybersecurity is vital to everything we do nowadays, from finance to romance. Just walk around any office -- whether medical, legal, public relations, manufacturing, service, whatever. Nearly everyone there is doing the same thing: sitting before a screen using a computer, mostly online. While cybersecurity is assumed, cyberinsecurity looms. It has morphed into a type of terrorism.
This morning President Obama told how today's terrorism comes "not only from a few extremists in suicide vests, but from a few key strokes of a computer." He dubbed the ability to cyberattack "a weapon of mass disruption." That's clever, but it shortchanges the danger.
Just last year were some 44,000 incidents causing the Pentagon alarm, no doubt many by Chinese authorities but some by geeky high-school hackers. Attacks across the U.S. federal government rose by some 40 percent last year, and bad guys in Iran got a hold of highly-sensitive blueprints for Marine One, and financial data on U.S. military helicopters. Other hackers apparently got their hands on data galore on the design and electronics of the new Joint Strike Fighter. One could go on.
With so much being so dismal, we'd better focus on three positive points. They're reflected in the president's remarks today and the report he issued, "Cyberspace Policy Review."
First, cybercrime is a global phenomenon that must be combated globally. We know the threat can come from anywhere. But usually we don't even know where an actual attack came from. U.S. authorities claim that stealing and subsequent selling of at least 40 million credit and debit cards from Barnes & Noble, Sports Authority, Office Max, and other chain stores probably came from Estonia, China, and Belarus. But such theft is hard to trace.
Cybercrime networks are active on virtually every continent, increasingly collaborating across national borders. As we know from 9/11-type terrorism, an asymmetric threat that doesn't respect borders is tough to detect, and even tougher (frankly, impossible) to deter. With no home address for the attackers, there's no place to retaliate. Hence, the big game has become rougher, at least a lot more chaotic, than existed in the U.S.-Soviet nuclear faceoff, which I worked on over all those many years.
Second, cybersecurity is as much a consumer threat as a national security threat. As Obama put it, "millions... have been victimized -- their privacy violated, their identities stolen, their lives upended, and their wallets emptied." Consumer Reports estimates that one in five online consumers claim to have been victims of cybercrime over the past two years. Imagine the outcry if one out of five houses in your neighborhood was robbed over the past two years. You'd surely flee, as your neighbors would.
Cybercrime cost Americans more than $8 billion over the last two years, according to Obama. That number is likely to rise steeply, unless the United States gets its act together. "America's economic prosperity in the 21st century will depend on cybersecurity," the president added.
Third, it's something experts can anticipate and handle fairly predictably. We may not know the precise type of attack coming, but we know they're coming. And combating them is totally in our power.
Hence this is different from the other foreign-policy woes Obama faces. The Afghanistan-Pakistan mess depends so much on a pack of incompetent or corrupt leaders. The Middle East "peace process" hinges on Israelis and Palestinians each getting their own acts together (most dubious) and then wanting to wheel and deal at the same time (hasn't happened yet). North Korean proliferation depends on the craziness of Kim Jong Il, or whatever the hell is happening there.
In contrast, U.S. policymakers have a great deal of power to determine how cybersecurity will be handled. That's why it's good that Obama is bringing this process into the White House, under the yet-to-be-named "Cyber Czar" (funny, since that's one threat Russian czars never faced, not that they handled any of their threats all that well).
And that's why this effort may please Hillary Clinton: It does take a village. To put up defenses without inhibiting commerce or infringing on privacy takes government, for sure, but also private industry -- especially key players in the Internet ecosystem - network providers, applications guys, Web developers, software developers, etc.
Let's see if the Obama administration can indeed put this all together. It'd better, or we're totally phished.
Ken Adelman was an ambassador to the United Nations and director of the Arms Control Agency in the Reagan administration.
Posts
No comments:
Post a Comment