Needed: U.S. Cyber Defense Policy
By Rachel Ehrenfeld
Tuesday, April 5th, 2016 @ 9:21PM
Two years have passed since the Obama administration was tasked by Congress to develop cyber countermeasure policies. But in response to Sen. Joe McCain (R-AZ) question “Is it correct that these are policy-decision that have not been made?” U.S. Cyber Command Commander Adm. Michael S. Rogers responded: “The way I would describe it is, we clearly still are focused more on” an “event-by-event” approach to cyber incidents,”
If one follows the Obama administration has been dragging its feet when it comes to cyber threats that increasingly threaten the U.S. defense capabilities and the country’s economy, it is not difficult to see that even more than other national security related matters, the administration has adopted a slow-knee-jerk policy.
Rogers’ testimony today before the Senate Armed Services Committee, as well as his responses to questions from the members, revealed that the U.S. military cyber defense, deterrence, and offense capabilities are also lacking, as is the staffing of Cybercommand. He urged to “accelerate debate on how to balance security and privacy in the ever-changing digital realm.” Otherwise, Rogers warned, “an enemy could change and manipulate data — rather than enter a computer system and steal — that action would be a threat to national security.
Rogers repeated previous warnings that Russia’s cyber capabilities presented the biggest threat to the U.S. China is not far behind.
Rogers’ testimony was similar to what he has told the House (Select) Intelligence Committee on November 21, 2014. Today, as before the U.S. power grid, for example, is vulnerable to cyber attacks that could shut down the entire U.S. power grid and other critical infrastructure.” Russia, China, North Korea, and with growing potential, Iran, could lunch such an attack.
China’s economic cyber espionage cost hundreds of billions of dollars and it could, if it chose, to attack critical civilian and possibly military targets. Iran has successfully hacked an American drone in Afghanistan in December 2011 and apparently also the two naval vessels en route from Kuwait to Bahrain
last January, capturing and humiliating 10 American sailors. The Administration’s response? Sec. John Kerry profuse thanks to the regime for returning the sailors.
Many other cyber attacks have been attributed by the administration to skilled individuals or criminal groups in Russia. Once in a while, they are indicted in abstention, with the full knowledge they will never set foot in the U.S. Such was the indictment of 5 Chinese military hackers that in 2014, were charged in the Western District of Pennsylvania, with economic espionage. Or last month’s indictment of 7 Iranian hackers for mounting “a coordinated cyber assault” on 46 banks and other U.S. financial institutions from 2011 to 2013, and more recently, tried to take control of a small dam just north of New York City.”
Such ineffective indictments are used by the conflict – averse Obama administration as window dressing, leaving the window and even the door open to the nation’s cyber systems, wide open.
Presidential candidates should present and debate their cyber-security plans, and when the newly elected president takes office next January, an actionable policy could be implemented without delays.