For cybersecurity wonks who see Chinese agents or al Qaeda hackers lurking behind every email from a Nigerian prince, this was one hell of a busy week. With fallout continuing from the recent attack against Google, Director of National Intelligence, National Security Agency, House of Representatives, National Telecommunications and Information Administration, and Department of Defense all shifted their attention to the many threats against our Internet infrastructure.
Up on Capitol Hill, the Senate got an earful from Dennis Blair, the Director of National Intelligence, who opened his written testimony to the Senate Select Intelligence Committee with warnings that a cyberattacks against our communications and power grids were increasing in effectiveness and frequency.
“Malicious cyberactivity is occurring on an unprecedented scale with extraordinary sophistication,” Blair told the committee. “Sensitive information is stolen daily from both government and private-sector networks, undermining confidence in our information systems, and in the very information these systems were intended to convey.”
Meanwhile, on the other side of the Capitol Building, the House of Representatives nearly unanimously agreed to all the amendments on H.R. 4061, Cybersecurity Enhancement Act of 2009, paving the way for its passage through the House. The bill would significantly increase the funding for cybersecurity training and infrastructure at the cost of an extra $3 per citizen, per year, until 2014.
Moving south across the Potomac, the Pentagon released its Quadrennial Defense Review for 2010. The QDR reviews the entirety of US defense, and sets the priorities for the next four years. Cybersecurity was a big winner, shifting from almost a footnote of larger intelligence operations in the 2006 QDR to a key mission area in the 2010 QDR. Clearly, Secretary of Defense Robert Gates is just as worried about these attacks as Director Blair.
Back in DC, today the Online Safety and Technology Working Group section of the National Telecommunications and Information Administration held a conference on Internet safety for children. As addressed at the conference, law enforcement agencies from local police to the Department of Justice say they want information companies to create a backdoor into email accounts so cops can swiftly and easily tap into electronic communications. In fact, one conference attendee, a Phoenix police department sergeant named Frank Kardasz, even said that information companies that delete old user information “are the unwitting facilitators of Internet crimes against children.” Yes, won’t somebody please think of the children!?
And traveling back north to Maryland, Google announced that the National Security Agency, America’s premier digital intelligence agency, will help it locate the source of the recent hacking attack. The specter of a secret intelligence agency teaming up with the company follows all your searches and reads all your emails may scare some, but don’t worry, the NSA was probably reading your Gmail messages already.
Meanwhile, across the country, utility companies aren’t waiting for Uncle Sam to get its cybersecurity act together, and are taking their defense into their own hands. According to a new report by the Pike institute, utility companies will spend $21 billion over the next three to five years to protect their smart grids against the exact kind of malicious attacks that Director Blair warned Congress about.
But why all this action now? Partially it’s just a coincidence of Washington scheduling, but according to a number of experts, it’s also an attempt by the US security establishment to start 2010 off right, after years of inaction.
“We’ve had a developing crisis for some time, and people are beginning to respond to it,” said Scott Borg, Director and Chief Economist of the U.S. Cyber Consequences Unit, a non-profit founded by the U.S. government that now independently consults with the government and businesses. Adding, “a lot of these things are overdue.”
Martin Libicki, the author of Conquest in Cyberspace and a senior policy analyst at the Rand Corporation, concurred, noting that, “”You’re basically seeing a buildup of three years of momentum.” Libicki also thinks that Google’s admission that it had been penetrated has brought the issue of cybersecurity new levels of publicity, and encouraged other organizations to admit their own struggles with hackers.
“Google has set the new standard,” said Libicki. “If it can happen Google, who is in the Internet business, and in many cases is the Internet, then Ma and Pa Gearswitch can come out and admit they were attacked.”
So with Google making it OK to talk about attacks, and the Government shifting to attack the problem head-on, expect a future with more weeks like this, where cybersecurity dominates the headlines.