Collaboration and Control

Government prepares for enemy threats to key networks.

The security of Internet-based communications systems is a hot topic nowadays, as top officials increasingly worry that enemy hackers could take down key U.S. networks. A topic once framed in technical cybersecurity jargon is taking on the language of war. A four-star general, Keith B. Alexander, now presides as the first chief of the new U.S. Cyber Command. Deputy Defense Secretary William F. Lynn III outlined the threat and Pentagon countermeasures in the fall edition of Foreign Affairs. And Richard A. Clarke, who served as a cybersecurity adviser to several presidents, and a young colleague, Robert K. Knake, painted a frightening doomsday scenario in their book, Cyber War (HarperCollins, 2010).

Agencies, understandably concerned, are firming up defenses of key systems, and Congress is working on legislation that would make that job less difficult. Such key government contractors as Intel Corp. and Northrop Grumman Corp. are seizing opportunities to capitalize on the concern.

As part of a series of live events at the National Press Club on cybersecurity that our magazine has produced in cooperation with the SANS Institute, the leading trainer of cyber technicians, we recently explored the topic of cyberwar. (Intel and Northrop Grumman were among sponsors of the event.) I wanted to know how the experts would define an act of cyberwar, how vulnerable we are, and how capable of playing both offense and defense across a realm defined by digits instead of geography. Our panel of experts included Knake; Alan Paller of SANS; James A. Lewis, who directed the Center for Strategic and International Studies' Commission on Cybersecurity for the Forty-Fourth Presidency; and Shane Harris, journalist and author, once of Government Executive's staff and now working at Washingtonian.

We began by discussing an incident Lynn described of enemy action against military networks run by U.S. Central Command in the Middle East. A flash drive, inserted into a military laptop, spread malicious code through classified and unclassified systems: "a rogue program, operating silently, poised to deliver operational plans into the hands of an unknown adversary." Was this an act of war? No, our panel concluded; it was plain espionage, not serious enough to warrant what the military likes to call a "kinetic" (bombs, etc.) response.

An act of war, as Lewis said, would have to cause loss of life or serious disruption in such key network-dependent activities as banking, stock and other financial markets, or electric power generation. A successful attack on the power grid could be devastating, and, indeed, the panel confirmed that rogue actors already have inserted "logic bombs" into the networks controlling the grid. A logic bomb is hard-to-detect software code set to shut down a system at a certain time or in response to an outsider's command.

In their book, Clarke and Knake run through a hypothetical full-scale attack on key cyber systems, demonstrating that it would be as damaging as any kinetic attack short of nuclear war. Because the United States is so highly dependent on its networks, it is by definition more vulnerable than such probable antagonists as Russia and China. Still, the international economy is so interconnected, panelists said, that everyone has a lot to fear in a cyberwar, so the mutual deterrence theorem of the nuclear age might have relevance in the Information Age, at least until terrorists develop capabilities only nation-states now possess.

War between nation-states might be unlikely at the moment. But, as Knake observed, espionage remains a top concern, and not just against military networks. The ongoing theft of intellectual property from defense contractors and other important private sector institutions threatens our economic standing in the world, and thus might require that government quarterback a better, more agile defense than it has conjured to date.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.