Tag: defense

Awesome, Fearsome, Awesome - Or Maybe Silly

This video is making the rounds because Senator Jay Rockefeller (D-WV) muses in it that perhaps the Internet shouldn’t have been invented.

He immediately grants, “That’s a stupid thing to say” - perhaps for political reasons, or perhaps because he recognizes that the Internet makes us much better off despite every risk it carries and security flaw in it.

But he goes on to overstate cybersecurity risks excessively, breathlessly, and self-seriously. Not quite to the point of stupid - maybe we can call it “silly.”

The Department of Defense, he says, is “attacked” three million times a day. Well, yeah, but these “attacks” are mostly repetitious use of the same attack, mounted by “script kiddies” - unsophisticated know-nothings who get copies of others’ attacks and run them just to make trouble. The defense against this is to continually foreclose attacks and genres of attack as they develop, the way the human body develops antibodies to germs and viruses.

It’s important work, and it’s not always easy, but securing against attacks is an ongoing, stable practice in network management and a field of ongoing study in computer science. The attacks may continue to come, but it doesn’t really matter when the immunities and failsafes are in place and continuously being updated.

More important than this kind of threat inflation is the policy premise that the Internet should be treated as critical infrastructure because some important things happen on it.

Of cyber attack, Rockefeller says, “It’s an act … which can shut this country down. Shut down its electricity system, its banking system, shut down really anything we have to offer. It is an awesome problem.”

Umm, not really. Here’s Cato adjunct scholar Tim Lee, commenting on a report about the Estonian cyber attacks last year:

[S]ome mission-critical activities, including voting and banking, are carried out via the Internet in some places. But to the extent that that’s true, the lesson of the Estonian attacks isn’t that the Internet is “critical infrastructure” on par with electricity and water, but that it’s stupid to build “critical infrastructure” on top of the public Internet. There’s a reason that banks maintain dedicated infrastructure for financial transactions, that the power grid has a dedicated communications infrastructure, and that computer security experts are all but unanimous that Internet voting is a bad idea.

Tim has also noted that the Estonia attacks didn’t reach parliament, ministries, banks, and media - just their Web sites. Calm down, everyone.

But in the debate over raising the bridge or lowering the river, Rockefeller is choosing the policy that most enthuses and involves him: Get critical infrastructure onto the Internet and get the government into the cyber security business.

That’s a recipe for disaster. The right answer is to warn the operators of key infrastructure to keep critical functions off the Internet and let markets and tort law hold them responsible should they fail to maintain themselves operational.

I have written elsewhere about maintaining private responsibility for cyber security. My colleague Ben Friedman has written about who owns cyber security and more on the great cyber security freakout.

The Problem of Guantanamo

The Constitution obviously does not leave Americans helpless in fighting against those who wish them ill.  But it also sets standards of conduct that should not – indeed, cannot – be carelessly tossed aside.

The prison at Guantanamo Bay has become such an international symbol of the U.S. abandoning its principles because it reflects an anti-terrorism policy gone badly awry.  First, the Bush administration was both callous and careless in imprisoning people, even paying unreliable tribal allies for captives.  Second, the U.S. government created no effective and objective truth-determining process to assess guilt.  Third, Washington employed torture, violating both domestic and international law.

No doubt dangerous terrorists have been incarcerated at Gitmo.  But so too have many innocent people.  Indeed, the claims of former State Department Chief of Staff Larry Wilkerson are particularly sobering:

Lawrence B. Wilkerson, the former chief of staff to Secretary of State Colin Powell, admitted today that of the approximately 800 detainees held at Guantanamo Bay since the controversial detention center opened, only “two dozen or so” were actually terrorists. Wilkerson told the Associated Press today that “there are still innocent people there,” and that “some have been there six or seven years.”

Wilkerson made other comments earlier in the week in an internet posting entitled “Some Truths About Guantanamo Bay.” In that posting he said that “several in the US leadership became aware of the lack of proper vetting very early on and thus, of the reality that many of the detainees were innocent of any substantial wrongdoing, had little intelligence value, and should be immediately released.”

Wilkerson also claimed that then-Secretary Powell and Richard Armitage were pressuring for the repatriation of as many detainees as possible, and that former Defense Secretary Donald Rumsfeld and Vice President Dick Cheney were unphased by the fact that “among the detainees was a 13 year old boy and a man over 90,” standing in opposition to returning detainees.

Even if Wilkerson exaggerates–and he has been a credible witness so far–he points to the price America has paid for failing to live up to its principles.  The U.S. has locked up many who were neither terrorists nor otherwise dangerous.  Doing so undoubtedly has helped turn some people in and out of Gitmo towards violence against America.  And mistreating the innocent has badly sullied America’s reputation as a shining city upon a hill.

Confronting terrorism will never be easy.  But violating America’s principles is no way to defend the America in which we all claim to believe.

Defense Cost Overruns

Wow, a bipartisan effort to actually do something about government waste. From the Washington Post today:

A bill to end cost overruns in major weapons systems would create a powerful new Pentagon position – director of independent cost assessments – to review cost analyses and estimates, separately from the military branch requesting the program.

Those reviews, unlike in the current process, would take place at key points in the acquisition process before a weapons program can proceed, according to legislation sponsored by Sen. Carl M. Levin (D-Mich.) and Sen. John McCain (R-Ariz.)

This seems like a step forward, but cost overruns are a big problem across the entire federal government, not just at the Pentagon. Federal financial management of energy, highway, and computer projects has been appalling, for example. I’ve written about this here and elsewhere.

The government needs to buy weapons, and so we should try to improve the Pentagon process as best we can. However, the federal government does not need to buy highways, airports, air traffic control computers and many other things that have chronic cost overruns. Those items should be privatized.