Once you get through this story by a Reuters all-star team of Phil Stewart, Diane Bartz, Jim Wolf and Jeff Mason, you’ll probably be depressed. America’s public and private institutions, they write, are effectively in a state of cyber-siege, or, if you prefer, cyber-chaos, enduring attacks from spies who want to vacuum up secrets, enemies who want to bring sites down, or vandals who just want to deface as much as they can. As you’ve read here before, there’s no telling how much classified information has already been lost to hacking, nor is there any guarantee DoD’s new cyber-strategy will afford any immediate help, beyond its hazy threat of real-world retaliation for cyber attacks.
The government is trying to help, the Reuters team writes, but things are not going well: “Notwithstanding the military’s efforts, however, the overall gap appears to be widening, as adversaries and criminals move faster than government and corporations, and technologies such as mobile applications for smart phones proliferate more rapidly than policymakers can respond, officials and analysts said.” The anarchic nature of the web, and the nature of the American institutions that rely on it — slow-moving, disconnected at best and dysfunctional at worst — means you can’t just send Delta to go kill a guy and make this threat go away.
Lawmakers and public officials often talk about a hypothetical future in which the U.S. comes under a major cyber attack — incoming Secretary Panetta warned the Senate Armed Services Committee that a cyber attack could be the “next Pearl Harbor.” But the state of American cyber-security today already seems to be in crisis, with constant headlines about the latest cyber-damage somewhere. (Even GanGovMedCorp’s Military Times newspapers were attacked!) Is this just how it’s going to be from here on out, so long as criminal and state-sponsored black hatters can always keep a step ahead of the government and industry?
If you want to get a taste of just how dire our situation is, take a look at the Reuters team’s breakdown of how far the U.S. remains from any coherent plan for a solution to the cyber-problem:
Experts say that one of the toughest challenges of cyber defense is, oddly, definitions. What constitutes “cyber”? Computers and digital networks, certainly. But how about digitized pictures or video streams from a pilotless Predator drone flying over Pakistan?
Who is responsible for protecting what? Where does national security begin and privacy end?
“The other big problem is lack of policy,” said one former U.S. official. “(We) lack policy because we lack consensus. We lack consensus because we haven’t had an informed debate. We lack an informed debate because we don’t have a common pool of data. And we don’t have a common pool of data because we don’t share it.”
Washington will never just throw up its hands and say, ‘well, this is too hard. We give up.’ But amid the endless calls for “debate” — “oh, we can’t do anything until we’ve had a good debate!” — there should probably also be some calls for realism: Until or unless the authorities get this figured out, Americans should evidently expect cyber-snooping, hacking and online vandalism all to become facts of life.