11 December 2015

The cyberwar is on

http://www.politico.com/agenda/story/2015/12/cyber-security-policy-000329

Americans are caught in a landscape of totally new threats, from malicious kids to organized criminals to cyber offensives by entire nations. Now the Pentagon is mobilizing. Does the rest of Washington have a clue what to do?
Here’s the picture: Somewhere in the Ukraine, maybe Belarus, there’s a kid named Andrey with a cheap Windows computer in his bedroom. He’s running some security-test software that his friends downloaded from an anonymous server in Finland. On top of that, he’s written a few lines of his own code, turning the test program into a piece of malware that can slide through a firewall, and he’s taking it for a spin.
And right now he’s watching you read this.

Or maybe it’s not exactly Andrey. Maybe the picture is a low-ranking technical assistant in a glass tower outside Beijing, and she’s sorting a huge dump of social-security numbers for the People’s Liberation Army, tens of millions of digits, and nine of them are yours. Or maybe she’s part of a bigger project upstairs, a button that hasn’t been pushed yet, and she’s circling the electronic security perimeter of an American power network—the one keeping your computer on, and running the traffic lights in your suburb.

We know cyberthreats aren't new: a Cornell grad student nearly brought down the Internet by mistake with a worm he wrote in 1988. But back then the network was still small. Today the digital landscape is where America lives: It's where we do business, store our health records, keep our kids' photos; it's how cities run their services and the nation defends its security perimeter. And quickly it has become a whole new kind of battlefield, with a steady drumbeat of attack, defense, and evasion that blurs the lines between business, personal and government.

Quickly the concerns around America's cyberthreats are converging. and forcing choices for policymakers. Is encryption a necessary protection for consumers, or a dangerous aid to criminals and terrorists? How closely should companies be required to work with the government? The Pentagon has stirred into action on its own, launching an ambitious new cyberforce whose mission is still largely shrouded. But the issues are remarkably poorly understood by the elected political leaders who will soon need to make the difficult decisions about how to classify the threats, how to counter them and how to mobilize American know-how to defend the nation. The nation's most important cyber bill, which only starts to answer some of these questions, is still stalled in Congress as more theatrical political arguments crowd it out.

The American government faces two parallel challenges: defending its own networks against the constant stream of threats and attacks coming from outside, and staking out its role in protecting the rest of the country against a threat that can come from anywhere, anytime. What do we need to do? And who’s going to do it? The second question isn’t trivial: cyberdefense requires a huge new workforce of skilled experts also heavily in demand from private industry, and as Darren Samuelsohn finds in a sweeping new survey of Washington’s talent gap, departments are fanning across the country at job fairs, and on LinkedIn, trying to pull in as much cyberskill as possible. For all that, they’re actually losing ground in the recruiting war—and that’s leading to more radical proposals, like overhauling the generations-old civil-service personnel system.

Meanwhile, the U.S. military's cyber effort has sprouted more than 100 mission teams but leaves a crucial question still unanswered: What are the laws of war for the cyberarena? In a realm where there’s no clear line between a nuisance, a snoop and a bomb, what constitutes an act of war? When does America strike? Agenda reporter Danny Vinik finds a surprising number of those questions unanswered, starting with what cyberweapons America actually has in its arsenal.

In this special issue of The Agenda, POLITICO reporters and outside experts survey the landscape of threats that America is just beginning to contend with. Cybersecurity reporter Joe Marks outlines the strange new problem of China, where one of America’s most important global trading partners also appears to be building an economy on the cybertheft of our national assets—and it’s not always clear whether a hard line is the best policy. David Perera sits down with encryption expert Matt Blaze to walk through the tricky policy landscape around keeping our own communications secret, which could be the best defense against theft and spying, but also leaves law enforcement at a loss to track potential bad actors. And cybersecurity reporter Tim Starks explains why “cyber” is one of the rare public-policy issues that actually suffers from lack of politicization.

Also in this issue, a survey of national cyberexperts describe the range of unsettling future threats on their minds, the Pentagon official who first publicly referred to an “electronic Pearl Harbor” reflects on the legacy of an inflammatory idea, and cybersecurity expert Becky Bace suggests that what America really needs right now is a national “Ralph Nader moment,” when the computer industry’s attention is permanently refocused on security.

Welcome to The Cyber Issue.

— Stephen Heuser, Editor, The Agenda

No comments: