Which Defense Companies Will Help the US Win the Cyber War?
What a 17-fold increase in cyber attacks against American infrastructure between 2009 and 2011 might mean for the defense industry.
MINYANVILLE ORIGINAL At last week's Aspen Security Forum, General Keith B. Alexander, head of the National Security Agency and the United States Cyber Command, spoke of a 17-fold increase in cyber attacks against American infrastructure between 2009 and 2011. (If you're not familiar with Cybercom, its mission statement, "9ec4c12949a4f31474f299058ce2b22a," is a 32-character MD5 "hash" or "message-digest" code which when translated, means:
USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.
However, according to the New York Times, which is a media sponsor of the Aspen conference, Gen. Alexander is wholly underwhelmed by our current operational readiness for such endeavors:
General Alexander said that what concerned him about the increase in foreign cyberattacks on the United States was that a growing number were aimed at "critical infrastructure," and that the United States remained unprepared to ward off a major attack. On a scale of 1 to 10, he said, American preparedness for a large-scale cyberattack is "around a 3." He urged passage of legislation, which may come to a vote in the next week, that would give the government new powers to defend private computer networks in the United States. The legislation has prompted a struggle as American companies try to avoid costly regulation on their networks, and some civil liberties groups express concern about the effect on privacy.
It was only about a year ago, when, at the 2011 RSA Conference -- an annual expo hosted by RSA Security, a division of the EMC Corporation (EMC) -- Deputy Defense Secretary William Lynn III said the DoD now recognized cyberspace as "a new and official warfare domain," joining the ranks of air, land, sea, and space.
Secretary Lynn maintained that, "The threat is moving up a ladder of escalation, from exploitation to disruption to destruction," and is fully aware that "a couple dozen talented programmers wearing flip-flops and drinking Red Bull can do a lot of damage," and that "we have to assume that if they have the means to strike, they will do so."
Still, some believe the concern, while real, is being ginned up to unrealistic threat levels by self-interested parties.
Susan P. Crawford, a former special assistant to President Obama for science, technology, and innovation policy, maintains that, "[a]s terrestrial wars wind down, military contractors are looking for new revenue streams."
In a recent editorial in Bloomberg View, Crawford wrote: "They have become cyberwar doomsayers, banging the drums of fear and claiming that cybersecurity must be our highest priority. They are also buying tools and code that our government can use to attack other countries online."
Professor Peter Sommer of the London School of Economics, a digital forensics expert, believes, "There's quite a lot in it," but that the threat is "also extensively hyped."
As he told the BBC last year:
In terms of the involvement of the big military companies, you have to realize that they are finding it extremely difficult to sell big, heavy equipment of the sort they are used to because the type of wars that we're involved in tend to be against insurgents.
And so they are desperately looking for new product areas -- and the obvious product area, they think, is cyber warfare -- I'm not so sure about that."
And Tom Mahnken, professor of strategy at the US Naval War College, expressed his doubts that cyber warfare is even much of a threat to developed nations at all. Writing in Foreign Policy, Mahnken warned against what he terms "cyber hysteria":
Although many view cyber weapons as tools of the weak, they are likely to be most effective when wielded by the strong. That is because cyber means cannot compensate for weakness in other instruments of power. In other words, if a cyber attack by a weaker power on a stronger one fails to achieve its aim, the attacker is likely to face retaliation. In such a situation, the stronger power will possess more, and more lethal, options to retaliate -- what is known in nuclear deterrence terminology as escalation dominance. A weak power might be able to cause a stronger power some annoyance through cyber attack, but in seeking to compel an adversary through cyberwar, it would run the very real risk of devastating escalation.
Whether or not cyber warfare will be the destructive force some fear, what is certain is that other countries are pursuing it with focus.
Copyright 2011 Minyanville Media, Inc. All Rights Reserved.