Digital Threats Mark New Front in Nation's Security
On Friday, May 29th, President Obama unveiled plans to shore up the safety of U.S. computer networks, including naming a new "cyber czar." Analysts examine the nature of digital vulnerabilities.
Jeffrey Brown: At the White House this morning, President Obama warned, it's already taken too long to address computer security. He said the country now faces what he called a transformational moment.
Barack Obama, President of the United States: Our technological advantage is a key to America's military dominance. But our defense and military networks are under constant attack.
Al-Qaida and other terrorist groups have spoken of their desire to unleash a cyber-attack on our country, attacks that are harder to detect and harder to defend against. Indeed, in today's world, acts of terror could come not only from a few extremists in suicide vests, but from a few key strokes on the computer, a weapon of mass disruption.
Jeffrey Brown: Just last April, The Wall Street Journal reported the U.S. electrical grid had been hacked. It said cyber-spies probed the power system and planted software to cause disruptions.
Another report said the Pentagon's Joint Strike Fighter program was struck, but officials insisted the breach was nothing serious.
Overall, the Defense Department reported 360 million attempts to penetrate its data networks last year, up from six million in 2006. And cyber-damage has cost $100 million over six months. Add to that rising threats to the private sector, including losses from identity theft and monetary scams, and the president said, it's clearly time for urgent action.
U.S. President Barack Obama: From now on, our digital infrastructure, the networks and computers we depend on every day, will be treated as they should be, as a strategic national asset.
Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy, and resilient. We will deter, prevent, detect and defend against attacks, and recover quickly from any disruptions or damage.
Jeffrey Brown: The president said he would soon appoint a coordinator to head a new White House office on digital security.
He also laid out a broad strategy to safeguard vital private and public computer networks. Those would include systems that handle financial transactions at the stock exchanges and manage air traffic control of the nation's skies.
Meanwhile, the Defense Department is crafting its own cyber-security military command to complement the new civilian efforts.
Broad spectrum of threats
Jeffrey Brown: And for more on all of this, we turn to Michael Vatis, who, in the late 1990s, headed the first federal agency charged with safeguarding the Internet from attack. He's now in private legal practice working on related Internet and technology matters.
And James Bamford, journalist and author of several books about national security, intelligent -- and the intelligence community.
Michael Vatis, first, how serious a problem is this? What kind of vulnerabilities are out there?
Michael Vatis, Internet security expert: This is an enormous problem.
We have vulnerabilities throughout the computer networks that make up what is known as cyberspace. There are vulnerabilities in the infrastructure of the Internet. There are vulnerabilities in the computer systems of the critical infrastructures tied to the Internet, of the banking systems, communication systems, energy systems.
All of these vulnerabilities can be exploited by foreign and domestic adversaries. And we have to address both the vulnerabilities themselves and the adversaries who would take advantage of them. This is an enormous problem and a broad spectrum of threats that we're facing.
Jeffrey Brown: James Bamford, that number I cited in the -- in the introduction of 360 million attempts, the Pentagon says, to penetrate data networks, that is kind of an astounding number.
What does it -- what does that mean, an attempt like that, and how is it fended off?
James Bamford, author, "Pretext For War": Well, there are a lot of attacks. There's a lot of people that want to get information. There's a lot of people that want to get into the banking system. There's a lot of people that have an interest in finding out what the Pentagon's doing.
How you prevent that is the question, I think, that they are trying to deal with right now. The problem we have had before is that there hasn't been an organized effort to try to mobilize what defenses the United States has.
And, today, they have created a cyber-czar for it. One problem with that, however, is that the person who is going to be the cyber-czar in the White House doesn't really have a lot of money to give out. That is mostly in the Pentagon. And there is a lot of worry that the NSA, which is the big intelligence agency, may get involved in trying to protect the infrastructure.
Jeffrey Brown: All right. Well, before we get to questions like that, though, I still want to understand the nature of the problem. I mean, who are the bad -- let me stay with you.
James Bamford: Sure.
Jeffrey Brown: Who are the bad guys in cyberspace? Who are the potential bad guys? Who are we talking about?
James Bamford: Well, a lot of the attacks are coming from China. A lot are coming from Russia. A lot are coming from just plain old hackers.
So, it's hard to tell exactly who the -- the attackers are. Somebody could be coming -- an attack could be coming from a computer in China. But that could be being sent from the Philippines. It could be being sent by anyplace.
So, where the attacks are coming from doesn't mean that -- necessarily, that that is where the -- the person behind that computer is the person sending the attack.
Jeffrey Brown: Mr. Vatis, what's -- what's your answer to, who are you most worried about?
Michael Vatis: Well, the biggest worry is about our potential adversaries, especially nation states, like China and Russia. If we ever come into a period of conflict, they have great capabilities in this area, and they could do enormous damage to our critical infrastructures, to our ability to project military force abroad. And they could disrupt our vital infrastructures here that -- that are necessary to the everyday functioning of our economy and our society.
So -- but those are more in the -- in the realm of the potential threats. They are not going to be unleashing incredibly destructive attacks right now, when we're at peace with both nations.
But, even today, we're seeing ongoing attacks that, as the president said, are causing an estimated $8 billion of -- of losses to American businesses and individuals every year, very active criminal groups in the former Soviet countries and in Eastern Europe that have made a very dynamic business enterprise out of stealing proprietary information, directly stealing funds from financial institutions, engaging in identity theft and -- and related extortion efforts....
Jeffrey Brown: So, Mr. Bamford, you started to talk about some of the issues going forward here, and -- and some of the questions, I guess.
One is almost an organizational question, given the kind of -- the number of agencies involved and the potential for conflicts, right? Is that what you are referring to?
James Bamford: Yes, the -- the problem is that there's attacks coming from a lot of places that people don't know where it is coming from.
So, the issue is, how do we protect the infrastructure? We have got a civilian infrastructure and a military infrastructure. And the military infrastructure, the talk right now is to use the National Security Agency, to a large degree, to -- as the protective force.
And the -- I think the danger with that is, the National Security Agency, if they get involved in the domestic telecommunications system, it could be a very disastrous move for privacy, because the NSA spent three years doing warrantless eavesdropping. And that could be one of the -- the issues if they get involved in trying to work inside the U.S. telecommunications system....
Michael Vatis: What we heard today was really a plan to make a plan. It isn't the plan itself. It's not the strategy. The only new thing today, in addition to the announcement that there will be a -- a White House czar in charge of all this, the really new thing is that the president himself took personal ownership of the issue.
For the complete story, go to Digital Threats Mark New Front in Nation's Security
Frequent additions and updates allow for human error--please report any broken links or other problems to Deborah Anderson, site manager--your help is appreciated.
NOTE: Dayton Codebreakers is back up and running. Thanks for your patience. My aim is to make continual updates during the next several weeks. E-mails to Deborah Anderson, in care of Dayton Codebreakers, are still appreciated, and I will try to respond promptly.
Use of materials by permission. Materials other than those clearly marked as National Archives materials are not in the public domain. More information here.
Latest update January 22, 2010