There’s new language for a new kind of arms race.
President Barack Obama punctuated his speech at a summit on cybersecurity and consumer protection by signing an executive order to boost America’s defense against cyber attack. Billed as a White House summit, the event was held at Stanford, with the title “consumer protection” wisely appended as a way to blunt unease over a sleuthing NSA safeguarding individual privacy.
“It’s one of the great paradoxes of our time that the very technologies that empower us to do great good can also be used to undermine us and inflict great harm,” Obama said. “The same information technologies that help make our military the most advanced in the world are targeted by hackers from China and Russia who go after our defense contractors and systems that are built for our troops.”
Like the atom bomb, cyber warfare has become a can’t-be-wished-away evil.
The challenge was flagged earlier by two key members of the 9/11 Commission, former Washington Sen. Slade Gorton and former U.S. Justice Department Deputy Attorney General Jamie Gorelick.
“The middle is just about gone,” said Gorelick, lamenting the lack of bipartisanship in American security policy in a recent speech at the National Bureau of Asian Research’s Slade Gorton International Policy Center in Seattle. Gorelick and Gorton, along with their fellow Democrat and Republican 9/11 commissioners, defied partisan odds and worked in common cause on the original 2004 report. Ten years later, they again came together to underscore evolving threats and Congressional inertia.
Their to-do list includes centralizing Congressional oversight of the Department of Homeland Security. Congress currently has 92 committees and subcommittees that noodle DHS funding and operations. “With 92 bosses, you can’t have a unified strategy,” Gorelick said.
Other priorities include giving the Director of National Intelligence budget authority so he or she can shift funding when necessary, as well as ending budget sequestration, which arbitrarily pinches resources and morale.
And there’s the big kahuna, defending the “cyber domain.” Much of the battle, according to a 2014 compendium of 9/11 Commission recommendations, is communicating the magnitude of the threat to the public and private sector. It’s a humungous undertaking.
“In 2014 the government planned to spend more than $13 billion on cyber defense programs, mostly to protect government computers and networks, and to share threat intelligence with private industry,” writes Shane Harris in @War, his superb history of the Internet-military tangle.
In contrast, Harris notes that the government budgeted $11.6 billion to address climate change. All the while, political leadership is largely absent.
“Congress has repeatedly failed to pass critical cybersecurity legislation needed to solve even small problems, such as information sharing,” writes Slade Gorton in a 2014 NBR commentary. “The administration has apparently done what it can within the existing legal framework, but it is also clear that cybersecurity reform is not an agenda priority for the president.”
Gorton also recommends revising the authorization for the use of military force to incorporate cyber threats. The latest authorization draft, targeting the Islamic State, doesn’t prioritize cyber readiness.
Will Obama’s executive order move the needle?
"The president's action was a modest step in the right direction,” Gorton said last Tuesday. “It needs to be supplemented by his recommendation to Congress to allow for aggressive counterattacks against cyber attackers by both the public and private sectors and authority to impose trade sanctions against countries that sponsor cyber attacks."
Bipartisan leadership, the kind exemplified by Gorton, Gorelick and the 9/11 Commission, is the best vehicle to navigate the narrow line separating civil liberties and cybersecurity. “Don’t cede politics to the wings,” Gorelick said, noting how both parties are handcuffed by ideology.
If ever there was a need for a vital center in American politics, it’s now.