Tag: William Lynn III

Oh, the Uses of the ‘Cyber’ Prefix: Cyberbellicosity, for Example

Senate Majority Leader Harry Reid’s (D-Nev.) announcement yesterday of upcoming Senate action on cybersecurity legislation coincides nicely with reporting that the recently discovered Flame virus has similarities to Stuxnet. You see, the best example of a cyberattack having kinetic effects—causing physical damage—is Stuxnet. It targeted Siemens industrial software and equipment used in Iran’s nuclear program, causing damage to some centrifuges used in that program.

Stuxnet is widely believed to be a product of the U.S. and Israeli governments. Flame’s kinship with Stuxnet adds to the story: Our government is a top producer of cyberattacks.

The methods used in these viruses will be foreclosed as researchers unpack how they work. Our technical systems adapt to new threats the way humans develop antibodies to disease. But in the near term the techniques in Stuxnet and Flame may well be incorporated into attacks on our computing infrastructure.

The likelihood of attacks having extraordinary consequences is low. This talk of “cyberwar” and “cyberterror” is the ugly poetry of budget-building in Washington, D.C. But watch out for U.S. cyberbellicosity coming home to roost. The threat environment is developing in response to U.S. aggression.

This parallels the United States’ use of nuclear weapons, which made “the bomb” (Dmitri) an essential tool of world power. Rightly or wrongly, the United States’ use of the bomb spurred the nuclear arms race and triggered nuclear proliferation challenges that continue today. (To repeat: Cyberattacks can have nothing like the consequence of nuclear weapons.)

Senator Reid has gone hook, line, and sinker for the “cyber-9/11” idea, of course. Like all politicians, his primary job is not to set appropriate cybersecurity policies but to re-elect himself and members of his party. The tiniest risk of a cyberattack making headlines to use against his party justifies expending taxpayer dollars, privacy, and digital liberties. This it not to prevent cyberattack. It is to prevent political attack.

Politics is well understood by the authors of the letter Senator Reid cited in his statement about bringing cybersecurity legislation to the Senate floor. They are mostly from the party opposite his. Several of them participated at some level in developing our nation’s cyberbellicose world posture. And several now make their living in consulting and contracting firms that respond to the danger they helped create.

They are:

  • Michael Chertoff, Homeland Security secretary under President Bush, is now co-founder and Managing Principal of The Chertoff Group, which “provides business and government leaders with the same kind of high-level, strategic thinking and diligent execution that have kept the American homeland and its people safe since 9/11.”
  • Mike McConnell, former director of the National Security Agency and National Intelligence under President Bush, is now Vice Chairman of Booz Allen Hamilton.
  • Paul Wolfowitz was a deputy defense secretary under President Bush, now a visiting scholar at AEI.
  • General Michael Hayden, former director of the NSA and the CIA under President Bush, is now a principal at the Chertoff Group, and in January 2011 was elected to the Board of Directors of Motorola Solutions, which “provides business- and mission-critical communication products and services to enterprises and governments.”
  • Gen. James Cartwright, former vice chairman of the Joint Chiefs of Staff, is on the board of advisors of TASC, Inc. TASC “provides advanced systems engineering, integration and decision–support services to the Intelligence Community, Departments of Defense and Homeland Security and civilian agencies of the federal government. We deliver honest counsel, forward–thinking engineering and advanced technologies that help our customers protect Americans at home, in the air, on the battlefield and in cyberspace.”
  • Hon. William J. Lynn III, former deputy defense secretary, is now Chairman & CEO of DRS Technologies, a Defense and Security Electronics Division of Italian industrial group Finmeccanica. DRS Technologies is “leading supplier of integrated products, services and support to military forces, intelligence agencies and prime contractors worldwide.”

We Fail More—So Put Us in Charge

The Washington Post reports today on an article coming out in Foreign Affairs in which Deputy Defense Secretary William J. Lynn III reveals a successful 2008 intrusion into military computer systems. Malicious code placed on a thumb drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. military’s Central Command and propagated itself across a number of domains.

The Post article says that Lynn “puts the Homeland Security Department on notice that although it has the ‘lead’ in protecting the dot.gov and dot.com domains, the Pentagon — which includes the ultra-secret National Security Agency — should support efforts to protect critical industry networks.”

The failure of the military to protect its own systems creates an argument for it to have preeminence in protecting private computer infrastructure? Perhaps the Department of Homeland Security will reveal how badly it has been hacked in order to regain the upper hand in the battle to protect us.