Left: Credit: CNN, October 9, 2015 –
Everyone is shocked, shocked by WikiLeaks’ latest exposé that the Central Intelligence Agency (CIA) has been exploiting software vulnerabilities in our digital and electronic devices. All those “shocked” should have known better by now.
After the publications of files stolen by former National Security Agency’s contractor, Edward Snowden, on U.S. military capabilities, operations, tactics, techniques and procedures, and surveillance details, President Obama announced, “Nobody is listening to your telephone calls.”
In the spring of 2016 — months before Hillary Clinton’s and John Podesta’s emails were published by WikiLeaks — the Pew Research Center survey showed that many Americans “do not trust modern institutions to protect their personal data — even as they frequently neglect cybersecurity best practices in their own personal lives.”
For well over a decade, cyber experts have been testifying in open and closed Congressional hearings on the escalation of hacking into United States government agencies and private industries, communication, websites, and email. All without exception issued warnings on the short-term damages and the long-term threat posed by such hacking to U.S. national security and interests, and the American people by Chinese, Iranian, Russian, and other cybersavvy intelligence agencies, criminal and terrorist organizations. All the while very few, if any, warned of the proliferation of ground-based jammers and their growing interference with GPS timing and locations services, or data corruption and insertion.
In 2010, then Former Under Secretary of Defense for Policy Jim Miller lamented, “The scale of compromise, including the loss of sensitive and unclassified data, is staggering. We’re talking about terabytes of data, equivalent to multiple libraries of Congress.” (The Library of Congress is the world’s largest library, archiving millions of books, photographs, maps, and recordings.)
Successive governments and the private sector have failed to secure our communications, exposing our personal and national secrets, costing untold economic damage to individuals, companies, and our national security.
While the Obama administration oversaw the accelerated pace of moving to wireless communications — leaving very few alternatives, if any, for a time when those will be unavailable due to attack or natural disaster — it has adopted a slow knee-jerk cybersecurity policy. In 2014, the Obama administration was tasked by Congress to develop cyber countermeasure policies. But in response to Sen. John McCain’s (R-AZ) question “Is it correct that these are policy-decisions that have not been made?” U.S. Cyber Command Commander Admiral Michael S. Rogers responded: “The way I would describe it is, we clearly still are focused more on” an “event-by-event” approach to cyber incidents.” He urged to “accelerate debate on how to balance security and privacy in the ever-changing digital realm.” Otherwise, Rogers warned, “an enemy could change and manipulate data — rather than enter a computer system and steal — that action would be a threat to national security.”
Very little has changed since Admiral Rogers warned that the U.S. vulnerability to cyberattacks could allow hackers to shut down the electric grid throughout the country, disable communications and the operations of the critical infrastructure, and other industrial systems. On March 2, 2017, in what seems like Groundhog Day, Sen. McCain warned again, “Treating every attack on a case-by-case basis, as we have done over the last eight years has bred indecision and inaction, and the appearance of weakness has emboldened our adversaries.” In the meantime, as February’s Defense Science Board’s report details, Russia, China, North Korea, and with growing potential, Iran could launch such an attack today,
When Chinese hacking of the New York Times was exposed by the paper in January 2013, the conflict-averse Obama administration used a few well-publicized trials of Chinese military hackers (in absentia), as window dressing, leaving the window and even the door open to the nation’s cyber systems wide open.
The technological difficulties in developing cybersecurity are compounded by widespread cyber illiteracy in America and a prevalent misguided interpretation of the need for transparency. On October 11, 2012, then-Secretary of Defense Leon Panetta told a gathering of business people: “Potential aggressors should be aware that the United States can locate them and hold them accountable for actions that harm America or its interests,’ he said.” Perhaps. However, sophisticated, corrupt and ideologically motivated government employees and contractors who hack into the systems, steal information and either sell or leak it, seem more difficult to track. As for government employees, many are cyber-illiterate, unable to grasp the risk associated with cyber communications.
In 2015, the Office of Personnel Management announced that it had discovered that at the personal information of “least 22.1 million current and former employees along with extensive information about friends, relatives, and others listed as references in applications for security clearances for some of the most sensitive jobs in government” have been hacked. Other government agencies, including the Department of Defense and the Department of Energy, have been hacked untold times. Some countermeasures to stop the hacking worked, but the hacking continued.
There is no public assessment of the damage already done to our defense capabilities, financial institutions, and the economy. The government, if it knows, keeps this information from the public. The private sector, for its part, is unwilling to speak publicly about the damages it has suffered, and, unsurprisingly, with little trust in the government, is often reluctant to exchange information. While details to increase cybersecurity are worked out, our adversaries, like the CIA, continue to exploit vulnerable websites and easy-to-breach cybersecurity systems, which allow the stealing of data relevant to new cybersecurity strategies, thus facilitating their ability to maintain their advantages.
Protection against cyberattacks and GPS interference should be among the U.S. government’s highest and most urgent priorities.
President Trump should assemble the brightest cyber and GPS experts in the nation to participate in a highly secluded “Manhattan Project”-like group, to develop alternatives to the Internet and the current systems of wireless communication. The team should consist of experts from government, academia, and the private sector, thus gaining the confidence of the public. Better organization and less bureaucracy could be provided by the private sector and funding should be allocated by Congress, as well as the private sector.
The organizers should insist on keeping the project secret. No detail should be discussed over the phone, in email or on the Internet, so national security secrets that have not been stolen yet, along with new ones, would remain secret.
* This commentary was first published in American Thinker, March 14, 2017.