Editor’s Note: We need all of the Federal government.
From: New Republic
Ever since stories about the National Security Agency’s (NSA) electronic intelligence-gathering capabilities began tumbling out last June, The New York Times has published more than a dozen editorials excoriating the “national surveillance state.” It wants the NSA to end the “mass warehousing of everyone’s data” and the use of “back doors” to break encrypted communications. A major element of the Times’ critique is that the NSA’s domestic sweeps are not justified by the terrorist threat they aim to prevent.
At the end of August, in the midst of the Times’ assault on the NSA, the newspaper suffered what it described as a “malicious external attack” on its domain name registrar at the hands of the Syrian Electronic Army, a group of hackers who support Syrian President Bashar Al Assad. The paper’s website was down for several hours and, for some people, much longer. “In terms of the sophistication of the attack, this is a big deal,” said Marc Frons, the Times’ chief information officer. Ten months earlier, hackers stole the corporate passwords for every employee at the Times, accessed the computers of 53 employees, and breached the e-mail accounts of two reporters who cover China. “We brought in the FBI, and the FBI said this had all the hallmarks of hacking by the Chinese military,” Frons said at the time. He also acknowledged that the hackers were in the Times system on election night in 2012 and could have “wreaked havoc” on its coverage if they wanted.
Such cyber-intrusions threaten corporate America and the U.S. government every day. “Relentless assaults on America’s computer networks by China and other foreign governments, hackers and criminals have created an urgent need for safeguards to protect these vital systems,” the Times editorial page noted last year while supporting legislation encouraging the private sector to share cybersecurity information with the government. It cited General Keith Alexander, the director of the NSA, who had noted a 17-fold increase in cyber-intrusions on critical infrastructure from 2009 to 2011 and who described the losses in the United States from cyber-theft as “the greatest transfer of wealth in history.” If a “catastrophic cyber-attack occurs,” the Timesconcluded, “Americans will be justified in asking why their lawmakers … failed to protect them.”
When catastrophe strikes, the public will adjust its tolerance for intrusive government measures.
The Times editorial board is quite right about the seriousness of the cyber- threat and the federal government’s responsibility to redress it. What it does not appear to realize is the connection between the domestic NSA surveillance it detests and the governmental assistance with cybersecurity it cherishes. To keep our computer and telecommunication networks secure, the government will eventually need to monitor and collect intelligence on those networks using techniques similar to ones the Timesand many others find reprehensible when done for counterterrorism ends.
The fate of domestic surveillance is today being fought around the topic of whether it is needed to stop Al Qaeda from blowing things up. But the fight tomorrow, and the more important fight, will be about whether it is necessary to protect our ways of life embedded in computer networks.
Anyone anywhere with a connection to the Internet can engage in cyber-operations within the United States. Most truly harmful cyber-operations, however, require group effort and significant skill. The attacking group or nation must have clever hackers, significant computing power, and the sophisticated software—known as “malware”—that enables the monitoring, exfiltration, or destruction of information inside a computer. The supply of all of these resources has been growing fast for many years—in governmental labs devoted to developing these tools and on sprawling black markets on the Internet.
Telecommunication networks are the channels through which malware typically travels, often anonymized or encrypted, and buried in the billions of communications that traverse the globe each day. The targets are the communications networks themselves as well as the computers they connect—things like the Times’ servers, the computer systems that monitor nuclear plants, classified documents on computers in the Pentagon, the nasdaq exchange, your local bank, and your social-network providers.
To keep these computers and networks secure, the government needs powerful intelligence capabilities abroad so that it can learn about planned cyber-intrusions. It also needs to raise defenses at home. An important first step is to correct the market failures that plague cybersecurity. Through law or regulation, the government must improve incentives for individuals to use security software, for private firms to harden their defenses and share information with one another, and for Internet service providers to crack down on the botnets—networks of compromised zombie computers—that underlie many cyber-attacks. More, too, must be done to prevent insider threats like Edward Snowden’s, and to control the stealth introduction of vulnerabilities during the manufacture of computer components—vulnerabilities that can later be used as windows for cyber-attacks.
Leave a Reply