By James McFarlin, National speaker and author on Cybersecurity and Cyberwarfare
In the years since WWII, America has protected its national interests by projecting dominant power across the globe in the four domains of land, sea, air, and space.
But in today’s newer, fifth domain of cyberspace, America projects a puzzling passive-aggressive posture that neither deters aggressors nor comforts its allies.
The picture of U.S. proactive cyber intelligence posture has been stripped and hung out to dry in full disclosure via the National Security Agency documents misappropriated by Edward Snowden, currently encamped and employed in Russia. In terms of setting the U.S. on its heels in cyberspace, Russian president Vladimir Putin could not have created a more savory scenario had he designed it himself.
Snowden’s headline-grabbing depictions of America’s cyber information-gathering practices were a gift to Islamic terrorist regimes of monumental proportions. New communications codes and channels were set. Revised methods for avoiding U.S. intelligence surveillance were put into effect. All flashed out for immediate use, one might imagine, via the U.S. social media tools such as Instagram, Twitter and YouTube favored by such organizations.
News of U.S. intelligence actions enraged some of America’s European allies, in particular those who felt they were on the receiving end of espionage actions best designed for use against potential assailants. Concurrently, U.S. tech firms rushed to distance themselves from involvement, seeking to protect their own global business interests.
However, in protecting its own interests, the relative level of U.S. inaction is a paradox.
Each year, hundreds of billions of dollars of intellectual property, including advanced weapons systems plans, are stolen by China’s cyber military groups.
In 2014, nearly 525 million personal and financial records were stolen from U.S. institutions by Russian and other cyber crime syndicates. More than 80 million personal records were appropriated from Anthem Health alone.
The latest cyber heist? From none other than the files of the Internal Revenue Service. This theft occurred in spite of several years of warnings issued to the IRS regarding its lax and ineffective cyber security procedures. The IRS response? Those American taxpayers who had their tax records stolen were offered a free year of credit monitoring, so they could be informed when their identities were used to establish lines of credit, obtain loans, or open credit and debit card accounts.
The U.S. inexplicably allows attacks on American corporate, military and government networks to occur without retribution. Further, this posture is not expected to change. In a recent presentation at Stanford University on the Department of Defense 2015 National Cyber Strategy, defense secretary Ashton Carter informed private enterprise that as far as cyber security is concerned, “You are on your own.”
This lack of commitment to cyber defense is poised to take a further fall. The just-signed into law USA Freedom Act, among other restrictions, prohibits the National Security Agency’s continued capture of telephone metadata, transferring such responsibility to the telecom companies.
The lapse of such intelligence gathering measures is widely considered to seriously degrade U.S. national defense capabilities and increase America’s vulnerability to attack.
Where can this path lead? With the security of the post-WWII world all but vanished from current view, its replacement – our future – may already be written.
Following 9/11, U.S. intelligence agencies were widely faulted for not collecting the proper information, “not connecting the dots,” to prevent the attacks. Thomas Keane and Lee Hamilton, co-chairs of the 9/11 Commission, published an update to their original report, fittingly, on September 11, 2014. In their updated report, they stated the following:
“One lesson from 9/11 is that we didn’t awaken to the gravity of the terrorist threat until it was too late. We must not repeat that mistake in the cyber realm.”
How short must our memories be?