Politicians jockey for cybersecurity positioning
Complex questions about cyber defense and cyberattacks could fall victim to political gamesmanship
Cybersecurity appears to be on the verge of losing its status as one of the few areas of national security to remain relatively free of partisan bickering.
Because the topic has never been colored neatly red or blue, debates about computer defense have focused largely on substantive rather than political differences, enabling policy discussions to continue despite the changing political fortunes of the political parties.
But now more than ever, the public is becoming aware of the dangers of computer attacks. As solely technology topics, they were once the province of geeks and policy wonks inside the Beltway. But they now make national headlines.
Given the highly politicized environment in Washington, cybersecurity will inevitably become a political lightning rod.
“Politicians have long rallied voters around the national security flagpole,” said John Bumgarner, research director of security technology at the U.S. Cyber Consequences Unit (US-CCU), an independent, nonprofit research institute. “Recent world events, such as cyber espionage against Google, now have politicians scrambling to add another banner emblazoned with the word ‘cyberattacks’ to this flagpole.”
A case in point: Rep. Michele Bachmann, a conservative Minnesota Republican known for making controversial statements, recently evoked computer security in an argument against President Barack Obama’s policy for nuclear weapons.
"If in fact there is a nation who is compliant with all of the rules ahead of time and they've complied with the United Nations on nuclear proliferation, if they fire against the United States a biological weapon, a chemical weapon or maybe a cyberattack, well, then, we aren't going to be firing back with nuclear weapons," Bachmann said at a campaign rally, according to ABC News. "Doesn't that make us all feel safe?"
“No!” the crowd shouted back.
Bachmann made headlines by linking nuclear weapons to cybersecurity and rallied her constituent base with her comments about nuclear deterrence.
However, the decision to include cyber weapons in her argument suggests that the cyber threat has risen to a new political threshold. Bachmann apparently thought concern over cyberattacks resonated enough with her constituency that voters wouldn’t dismiss the notion of lobbing a nuclear weapon to respond to a computer attack — or at least using it for deterrence.
Not everyone takes such an extreme position on cybersecurity issues, but the trend is toward hawkish positions. The most outspoken people tend to advocate for building up cyber defenses by raising the specter of a massive cyberattack on the nation's critical infrastructure.
“It’s a one-sided debate — the only side is electronic Pearl Harbor,” said John Pike, director of GlobalSecurity.org, which tracks information and debates about national security issues. “You’re going to have all kinds of security professionals who might have something to say on the subject, but they’re not in the habit of going on television and debating members of Congress who are running for president.”
The problem is that cybersecurity is a complex topic, tangled up in larger questions about national security, international law and diplomacy.
Because of that complexity, the United States is still struggling to formulate some basic cybersecurity policies. For example, if U.S. systems come under attack, what is the appropriate form of response: cyber or bombs? And what is the government’s policy about conducting its own offensive cyberattacks?
Lt. Gen. Keith Alexander, the administration’s pick to lead the Cyber Command, recognized the complexity of cybersecurity operations, particularly as they relate to traditional defense policies and strategies.
“I’d certainly agree that cyber warfare has unique and important differences from classic deterrence theory and escalation control,” Alexander said in written responses to senators' questions about U.S. military cyber operations. “Experts, both inside and outside government, as well as within the Department of Defense and intelligence communities, have widely differing views of these dynamics, as should be expected. A consensus has yet to emerge, either on how to characterize the strategic ‘instability’ or on what to do.”
Of course, the political climate could change even more dramatically if the country's systems suffer a major attack. Politicians could find themselves struggling to avoid the “weak on security” or “soft on terrorism” labels that have been part of most security policy debates since 2001.
US-CCU's Bumgarner said talk of launching a nuclear strike in response to a devastating cyberattack amounted to political grandstanding. “Once this grandstanding has subsided, these politicians need to debate what our national response strategy for a major cyber incident would really entail.”
Ben Bain is a reporter for Federal Computer Week.