Mention the word “cybersecurity,” and the conversation is guaranteed to evolve into a frightening run-down of doomsday scenarios: planes colliding in mid-air, massive blackouts due to power grid failure, dams bursting open, explosions at chemical plants. While these situations rarely come to fruition (and certainly not yet as the result of cyberattacks) the United States must not become complacent. The recently-created U.S. Cyber Command (CYBERCOM) – a central organization securing military networks – is a good start. Yet, the potential of cyberattacks to infiltrate and damage non-military networks means the Obama Administration should consider a separate organization to monitor cyberattacks on non-military networks.
Recent history shows just how far the nation has to go in shoring up its information networks. In fiscal year 2008, there were more than 18,000 cyberattacks on government agencies, three times the number of attacks in 2006. In October 2009, the Washington Post revealed that hackers in China and Pakistan were downloading U.S. soldiers’ personal information—including social security numbers and names of family members—off military servers. Hackers have also accessed the Air Force’s air traffic control system and have obtained sensitive information regarding the Air Force’s $300 billion Joint Strike Fighter project. Although the Pentagon has taken its fair share of hits, other government agencies—the State Department, the Department of Homeland Security, NASA, and the Department of Commerce—have all been victims of cyberattacks as well, losing terabytes of information in some cases.
The intrusions are not limited to government agencies. For example, hackers originating in Russia and China infiltrated the U.S. electrical grid and inserted malicious software. In what some cybersecurity experts call the “Pearl Harbor” of cyber warfare, $550 million was stolen from Americans money market accounts in just two hours in September 2008. If the Treasury Department had not closed the accounts after discovering the breach, the hackers would have stolen $5.5 trillion.
As these breaches have shown, the damage from cyberattacks is not physical in nature. Rather, the threat stems from hackers’ ability to access to sensitive information, such as classified documents or bank account numbers, which could then be used against the U.S. government or its citizens.
With the creation of the U.S. Cyber Command, which is responsible for securing the military’s networks, the United States is taking a step in the right direction. CYBERCOM is led by General Keith Alexander and a sub-unified branch of the military’s Strategic Command, demonstrating the priority that the administration is placing on cybersecurity. And given that military networks often contain some of the most sensitive and potentially dangerous information, it is essential that CYBERCOM exists to set uniform security standards and protect that data.
As the above examples reveal, however, the “dot mil” domain is not the only target of hackers. In addition to other government agencies, private citizens and business must also have mechanisms in place to defend against cyberattacks. For this reason, another central authority—not unlike CYBERCOM—should be established within the federal government to provide information to the private sector and non-military agencies on current digital threats and how to counter them.
Of course, such an organization would be viewed skeptically by the private sector, which is wary of the possibility for the government to overstep its boundaries and become too involved in dictating what actions a company should take. Many policymakers, including former Director of National Intelligence Mike McConnell and Senators Olympia Snowe and Joseph Lieberman, have advocated for a “public-private partnership,” in which the government would alert the private sector to potentially catastrophic threats but would at the same time allow businesses to implement their own security measures to protect themselves.
As simple as it sounds, this back-and-forth exchange of information is currently nonexistent, not only between government and business but among government agencies as well. Therefore, the government must centralize its cybersecurity operations before embarking on any other endeavors. With one organization overseeing the networks and the threats, disseminating information and taking quick, uniform action during a crisis will be much easier.
Hackers are a new breed of enemy. The damage they do is not always obvious, and it is often difficult to single out a specific perpetrator. Although building secure networks can be time- and resource-intensive, U.S. cybersecurity can improve with a centralization of operations and increased communication among interested parties. These measures will assist in not only preventing the cyber Armageddon that many people fear, but will also go a long way in preventing the more subtle—but still immensely damaging—breaches in security.
The photo in this article is being used under Creative Commons licensing. The original source can be found here.