Cyberdefense mired in Cold War
- By Dan Verton
- Jun 19, 2000
The absence of a catastrophic cyberattack against the United States has
created a false sense of cybersecurity and has allowed costly Cold War-era
Pentagon programs to siphon money from critically needed information technology
and security programs, a panel of experts warned last week.
"We're still mired in a Cold War-era defense spending mentality," said
Sen. Charles Schumer (D-N.Y.) at a symposium titled "Technological Change
and American Security" and sponsored by The Brookings Institution.
The rapid advance of IT has created "real and potentially catastrophic
vulnerabilities," Schumer said, adding that the consequences of a cyberterrorist
attack "could be devastating."
Eye of the Beholder
However, senior security officials are battling a perception problem,
according to experts who took part in the symposium. Without a clear-cut
example of an "electronic Pearl Harbor," where a surprise cyberattack cripples
financial markets and other critical systems, it's difficult to convince
top military and political leaders that IT research and development should
be a bigger priority in the budget process, experts say.
"Cyberterrorism is not an abstract concept," said Jeffrey Hunker, senior
director for critical infrastructure protection at the National Security
Council. Although attacks historically have been labeled as "nuisances,"
that may not be the correct way to look at the problem, Hunker said.
The government is dealing with an "enormous educational deficit" when
it comes to IT security, he said.
Part of the problem is the fact that the Defense Department remains
committed to lobbying Congress for money to pay for programs such as the
F-22 Joint Strike Fighter instead of increasing funding for IT programs,
said Michael O'Hanlon, a senior fellow for foreign policy studies at The
"I believe that is not affordable even in this age of surpluses," O'Hanlon
said, adding that DOD's assumptions about future budget gains are "wrong."
O'Hanlon advocated spending more money on advanced sensors, precision-guided
weapons and other IT programs. That type of investment would preclude the
need to buy costly systems such as the F-22, he said.
But even events such as the outbreak of the "love bug," which reportedly
cost the U.S. economy billions of dollars, have not convinced people in
and out of government that the problem is real, Schumer said. Usually, when
a major crisis costs people a lot of money, it leads to many visits to Capitol
Hill and requests for help, Schumer said. But that never happened after
the love bug outbreak, he said.
Some experts have questioned the government's liberal use of the term
terrorism to describe acts of mass disruption on the Internet. However,
when asked about the seeming lack of interest in cyberattacks by well-known
terrorists such as Osama bin Laden, a senior White House official said the
focus should not be on what bin Laden does or does not do, but on being
proactive and understanding that a major attack may be coming.
Hunker said he agrees. "We are attempting to be proactive," he said.
"I believe that we are going to get nailed seriously."
The National Security Agency is one of the federal entities that has
taken a proactive approach toward security cooperation between government
and industry (see box).
But one of the biggest challenges facing the nation, highlighted during
the love bug incident, remains convincing industry that security is as important
as making money, said John Nagengast, assistant deputy director for information
systems security at NSA.
"Vendors and users have to treat information assurance as a fundamental
precept of doing business," he said. "It has to become part of the business