Cyberdefense mired in Cold War

The absence of a catastrophic cyberattack against the United States has

created a false sense of cybersecurity and has allowed costly Cold War-era

Pentagon programs to siphon money from critically needed information technology

and security programs, a panel of experts warned last week.

"We're still mired in a Cold War-era defense spending mentality," said

Sen. Charles Schumer (D-N.Y.) at a symposium titled "Technological Change

and American Security" and sponsored by The Brookings Institution.

The rapid advance of IT has created "real and potentially catastrophic

vulnerabilities," Schumer said, adding that the consequences of a cyberterrorist

attack "could be devastating."

Eye of the Beholder

However, senior security officials are battling a perception problem,

according to experts who took part in the symposium. Without a clear-cut

example of an "electronic Pearl Harbor," where a surprise cyberattack cripples

financial markets and other critical systems, it's difficult to convince

top military and political leaders that IT research and development should

be a bigger priority in the budget process, experts say.

"Cyberterrorism is not an abstract concept," said Jeffrey Hunker, senior

director for critical infrastructure protection at the National Security

Council. Although attacks historically have been labeled as "nuisances,"

that may not be the correct way to look at the problem, Hunker said.

The government is dealing with an "enormous educational deficit" when

it comes to IT security, he said.

Part of the problem is the fact that the Defense Department remains

committed to lobbying Congress for money to pay for programs such as the

F-22 Joint Strike Fighter instead of increasing funding for IT programs,

said Michael O'Hanlon, a senior fellow for foreign policy studies at The

Brookings Institution.

"I believe that is not affordable even in this age of surpluses," O'Hanlon

said, adding that DOD's assumptions about future budget gains are "wrong."

O'Hanlon advocated spending more money on advanced sensors, precision-guided

weapons and other IT programs. That type of investment would preclude the

need to buy costly systems such as the F-22, he said.

But even events such as the outbreak of the "love bug," which reportedly

cost the U.S. economy billions of dollars, have not convinced people in

and out of government that the problem is real, Schumer said. Usually, when

a major crisis costs people a lot of money, it leads to many visits to Capitol

Hill and requests for help, Schumer said. But that never happened after

the love bug outbreak, he said.

Some experts have questioned the government's liberal use of the term

terrorism to describe acts of mass disruption on the Internet. However,

when asked about the seeming lack of interest in cyberattacks by well-known

terrorists such as Osama bin Laden, a senior White House official said the

focus should not be on what bin Laden does or does not do, but on being

proactive and understanding that a major attack may be coming.

Hunker said he agrees. "We are attempting to be proactive," he said.

"I believe that we are going to get nailed seriously."

The National Security Agency is one of the federal entities that has

taken a proactive approach toward security cooperation between government

and industry (see box).

But one of the biggest challenges facing the nation, highlighted during

the love bug incident, remains convincing industry that security is as important

as making money, said John Nagengast, assistant deputy director for information

systems security at NSA.

"Vendors and users have to treat information assurance as a fundamental

precept of doing business," he said. "It has to become part of the business

case."

MORE INFO

* The National Security Agency has formed alliances with more than 150 high-tech companies to help identify emerging security solutions and has certified 14 academic institutions as centers of excellence in security training.

* A high-ranking government official said the State Department should develop a Future Concept Center, with a specialized group of visionaries to help the department define and prepare for crises, including cyberattacks.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.