rapidly dispersing cyber threats, the powerful forces of indifference and disbelief aligned against the development of our cyber defenses, and have made an argument for US preemptive cyber strikes against those who would attack us.
On a daily basis, cyberattacks successfully remove our intellectual property and military weapons plans, disrupt banking systems operations, and repeatedly steal personal information that is supposed to be secure.
The operative question: What it will take to marshal America’s resources to push us into developing effective national cyber defense capabilities?
Will it take another 9/11?
The whole must be greater than the sum of its parts. Power grid cyberattack exercises, increased cyber warrior staffing at US Cybercom, and the authorization of preemptive cyberattacks by Presidential Policy Directive 20 are individually good steps. But where is the whole? The unifying call to action?
The United States has the most advanced technology of any nation or group, far exceeding those who plan to harm us. Even the terrorists recruit, communicate, purchase and execute attacks using our social media and email tools, as there are no other such capabilities.
We also have the most sophisticated cyberattack capabilities in the world, but we use them rarely.
Given our immense capabilities and resources, leaving our unprotected critical infrastructures - our aging, largely undefended power generation and distribution facilities for example - as sitting ducks for inevitable crippling attacks is tantamount to premeditated suicide.
Where is the overarching strategy and a clear statement of purpose to protect our critical infrastructures, intellectual property, military defenses, and our very way of life?
Such a policy must come from the very top, backed with the intent to perform. We may not be able to have another Manhattan Project but we should be able to develop a Manhattan Project mentality, one that is orchestrated and executed by the US cybersecurity czar or perhaps the Department of Homeland Security.
This may sound like a reach – but it is not. The effort will succeed if it includes active participation from executive and cybersecurity resources from the top US technology organizations.
The beginnings of such a strategy might include:
- Offering a serious threat (not merely a “red line”) of preemptive cyberattacks, including actually carrying some out to show our mettle.
- A commitment to the continuation of attack prevention resources provided by the NSA.
- A crash project aimed at protecting our most critical national infrastructures - particularly the power grid - within the next 18 months.
And they are coming.
We have a pause before the storm. Let’s use the time to our advantage. Let’s keep the lights on.