Collaboration and Control

Government prepares for enemy threats to key networks.

The security of Internet-based communications systems is a hot topic nowadays, as top officials increasingly worry that enemy hackers could take down key U.S. networks. A topic once framed in technical cybersecurity jargon is taking on the language of war. A four-star general, Keith B. Alexander, now presides as the first chief of the new U.S. Cyber Command. Deputy Defense Secretary William F. Lynn III outlined the threat and Pentagon countermeasures in the fall edition of Foreign Affairs. And Richard A. Clarke, who served as a cybersecurity adviser to several presidents, and a young colleague, Robert K. Knake, painted a frightening doomsday scenario in their book, Cyber War (HarperCollins, 2010).

Agencies, understandably concerned, are firming up defenses of key systems, and Congress is working on legislation that would make that job less difficult. Such key government contractors as Intel Corp. and Northrop Grumman Corp. are seizing opportunities to capitalize on the concern.

As part of a series of live events at the National Press Club on cybersecurity that our magazine has produced in cooperation with the SANS Institute, the leading trainer of cyber technicians, we recently explored the topic of cyberwar. (Intel and Northrop Grumman were among sponsors of the event.) I wanted to know how the experts would define an act of cyberwar, how vulnerable we are, and how capable of playing both offense and defense across a realm defined by digits instead of geography. Our panel of experts included Knake; Alan Paller of SANS; James A. Lewis, who directed the Center for Strategic and International Studies' Commission on Cybersecurity for the Forty-Fourth Presidency; and Shane Harris, journalist and author, once of Government Executive's staff and now working at Washingtonian.

We began by discussing an incident Lynn described of enemy action against military networks run by U.S. Central Command in the Middle East. A flash drive, inserted into a military laptop, spread malicious code through classified and unclassified systems: "a rogue program, operating silently, poised to deliver operational plans into the hands of an unknown adversary." Was this an act of war? No, our panel concluded; it was plain espionage, not serious enough to warrant what the military likes to call a "kinetic" (bombs, etc.) response.

An act of war, as Lewis said, would have to cause loss of life or serious disruption in such key network-dependent activities as banking, stock and other financial markets, or electric power generation. A successful attack on the power grid could be devastating, and, indeed, the panel confirmed that rogue actors already have inserted "logic bombs" into the networks controlling the grid. A logic bomb is hard-to-detect software code set to shut down a system at a certain time or in response to an outsider's command.

In their book, Clarke and Knake run through a hypothetical full-scale attack on key cyber systems, demonstrating that it would be as damaging as any kinetic attack short of nuclear war. Because the United States is so highly dependent on its networks, it is by definition more vulnerable than such probable antagonists as Russia and China. Still, the international economy is so interconnected, panelists said, that everyone has a lot to fear in a cyberwar, so the mutual deterrence theorem of the nuclear age might have relevance in the Information Age, at least until terrorists develop capabilities only nation-states now possess.

War between nation-states might be unlikely at the moment. But, as Knake observed, espionage remains a top concern, and not just against military networks. The ongoing theft of intellectual property from defense contractors and other important private sector institutions threatens our economic standing in the world, and thus might require that government quarterback a better, more agile defense than it has conjured to date.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

    Download
  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download
  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.

    Download

When you download a report, your information may be shared with the underwriters of that document.