Thank goodness no serious observer of electronic warfare considers a cyber-9/11 possible, let alone imminent
The
cyber security capabilities of the United States have come under scrutiny in light of recent high-profile Chinese penetrations of American corporate networks. In many ways, cyber has become the handwavium of warfare — step two in a three-step process, sandwiched between "Meet the enemy in battle" and "Victory!"
Before the relatively new interest in cyber security,
the fastest way for public agencies to increase their share of a budget
was to build a special operations capability. That's why such noted demilitarized zones as Bloomington, Minn., have their own special operations forces, and every Mayberry police department in post-9/11 America wants federal funds to buy drones, periscopes, and assault rifles.
But ersatz commandos are so Bush-era. These days, if you want in on the best federal grants,
you're going to need a place on the virtual battlefield. Forget the
National Guard; if you want to avoid the next draft, join the Ohio Cyber Security Council. Every government agency with a computer and copy of DOS for Dummies
is singing "goodbye my sweetheart, hello cyber war." And in a sickening
display of naked ambition by the military-industrial complex, defense
contractors are buying up every cyber research firm on the market.
It's hard to take warnings of an "imminent"
cyber-9/11 seriously, in part because no serious observer of electronic
warfare considers it possible, let alone imminent. (Cylons rank higher
on my list of imminent threats.) In his confirmation hearings, Secretary
of State John Kerry actually called cyber security our "greatest threat" and a "21st century nuclear weapons equivalent." This is shameless, first-rate scare-mongering, the likes of which the world hasn't seen since — well, ever.
At least nuclear weapons have the virtue of actually being able to do
what we fear they can do. Detonate a minuscule one-megaton nuclear bomb
in Times Square and then launch the most catastrophic cyber attack in
human history against Los Angeles and see which one is worse. Infect the
people of Dayton, Ohio, with smallpox and then have the nerve to
suggest, "Well, at least it's not a direct-denial-of-service cyber
attack!"
In 1951, General Walter Bedell Smith, the father of the
modern Central Intelligence Agency, took measure of the Armed Forces
Security Agency and decided to scrap the whole thing. Signals
intelligence was too important to entrust to the "divided authorities
and multiple responsibilities" of the branches of the armed forces. He
wanted a "consistent, firmly administered security program," removed
from the institutional stupidity of the Joint Chiefs of Staff, and
persuaded Harry Truman to sign a memorandum creating the National
Security Agency.
Today, the NSA is a massive, effective, well-run
organization. And its establishment should have been the model for the
nation's cyber security efforts. But instead of one centralized,
effective body largely removed from the petty grievances and rivalries
of government, the military-industrial complex created a many-headed
hydra of cyber agencies, each of which pumps billions of dollars into
Booz Allen, General Dynamics, and Lockheed Martin.
Here's how the nation's extraordinarily entangled cybersecurity organization looks:
The director of the National Security Agency, who is
always a four-star general, reports directly to the undersecretary of
defense for intelligence, and through the commander of U.S. Strategic
Command, to the secretary of defense. The NSA director is also in charge
of U.S. Cyber Command (CYBERCOM), and is responsible for protecting the
federal government's computer networks from "cyber terrorism."
CYBERCOM, meanwhile, is in charge of securing military computer networks
and for planning cyber offensives on the battlefield — same leader,
same job, and two different top-level-domains — dot-gov and dot-mil.
CYBERCOM itself splits into four service components.
Yes: The Army, Navy, Air Force, and Marine Corps each need their own
cyber warfare capability, in spite of a 40-year effort to bring joint
capabilities to the battlefield. The U.S. Air Force 67th Network Warfare Wing,
for example, is charged with "carrying out information operations to
augment war fighting commands and national decision makers." That sounds
an awful lot like Second Army's
mission to "conduct cyberspace operations in support of full spectrum
operations to ensure U.S. and allied freedom of action in cyberspace,
and to deny the same to adversaries." It's not so different from the Marine Corps Forces Cyberspace Command,
whose job it is to "conduct activities to direct the operations and
defense of specified Department of Defense information networks and
prepare to — and when directed — conduct full spectrum military
cyberspace operations in order to enable actions in all domains, ensure
U.S./Allied freedom of action in cyberspace and deny the same to our
adversaries." What of the Navy's Fleet Cyber Command
vision? You probably already know: To "conduct full-spectrum operations
in and through cyberspace to ensure Navy and Joint/Coalition Freedom of
Action while denying same to our adversaries."
Four branches, each with robust and almost-entirely
overlapping missions, reporting to a command that belongs to the
director of the National Security Agency, an agency that has largely the
same mission on a different top-level-domain. This is alongside the Defense Information Systems Agency,
which "provides, operates, and assures command and control, information
sharing capabilities, and a globally accessible enterprise information
infrastructure in direct support to joint warfighters, National level
leaders, and other mission and coalition partners across the full
spectrum of operations." (Even if you don't speak propeller-head, that's
not too far from the defensive cyber missions listed above.)
Meanwhile, over at the hapless Department of Homeland
Security, which has thus far been run by one feckless government
functionary after another, there is the National Cyber Security Division
(NCSD), whose mission is to maintain a cyberspace response system, and
to devise and issue programs for the protection of critical
infrastructure. The NCSD has under its charge a dozen divisions,
programs, and offices that do various things that the NSA and CYBERCOM
also do.
In many ways, this is but a fleeting glimpse of the
government's cyber security missions from 30,000 feet. But it should be
clear, at least in the abstract, that when you've got a hundred thousand
people from a couple of dozen agencies, organizations, and offices,
each with massively overlapping areas of responsibility, you're
completely undermining the cyber-9/11 fear-mongering on which your
expanded federal appropriations rest. In fact, you're practically
begging for a cyber-9/11 — there's no way such a lumbering beast could
ever react nimbly to a truly catastrophic attack. Which is why it's
reassuring, on some level, that no such attacks exist even in theory.
A massive, ineffective apparatus to fight a threat that
doesn't actually exist? This is the war our sorry government was elected
to fight. I'm just looking forward to hearing what word Lee Greenwood
rhymes with "cyber."
D.B. Grady is co-author of The Command: Deep Inside the President's Secret Army. He is a correspondent for The Atlantic, and lives in Baton Rouge, La. See more of his work at DBGrady.com.
No comments:
Post a Comment