With cyberattacks constantly and relentlessly nipping at the government’s networks, the defense industry continues to see the potential for billions in new cybersecurity business in the coming years.
Already, market research reports show gobs of money being invested in protecting government computers.
But industry experts say the investment and the heightened government interest are not enough to stem the rising number of attacks by terrorist groups, potentially hostile nations and, increasingly, criminals out for a buck.
Retired Vice Adm. Michael McConnell, the former director of national intelligence, told senators Tuesday that while the Obama administration has made some progress — completing a cyberspace policy review, appointing a cyber coordinator and making new investments — more needs to be done.
“The federal government will spend more each year on missile defense than it does on cybersecurity, despite the fact that we are attacked thousands of times each day in cyberspace, and we are vulnerable to attacks of strategic significance, i.e., attacks that could destroy the global financial system and compromise the future and prosperity of our nation,” McConnell said in testimony to the Senate Commerce Committee. “Securing cyberspace will require a more robust commitment in terms of leadership, policies, legislation and resources than has been evident in the past.”
We need to develop an early-warning system to monitor cyberspace, identify intrusions and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options — and we must be able to do this in milliseconds. More specifically, we need to reengineer the Internet to make attribution, geolocation, intelligence analysis and impact assessment — who did it, from where, why and what was the result — more manageable. The technologies are already available from public and private sources and can be further developed if we have the will to build them into our systems and to work with our allies and trading partners so they will do the same.
Of course, deterrence can be effective when the enemy is a state with an easily identifiable government and location. It is less successful against criminal groups or extremists who cannot be readily traced, let alone deterred through sanctions or military action.
There are many organizations (including al-Qaeda) that are not motivated by greed, as with criminal organizations, or a desire for geopolitical advantage, as with many states. Rather, their worldview seeks to destroy the systems of global commerce, trade and travel that are undergirded by our cyber-infrastructure. So deterrence is not enough; preemptive strategies might be required before such adversaries launch a devastating cyber-attack.
Cyberspace knows no borders, and our defensive efforts must be similarly seamless.
Mike McConnell was the director of the National Security Agency in the Clinton administration and the director of national intelligence during President George W. Bush’s second term. A retired Navy vice admiral, he is executive vice president of Booz Allen Hamilton, which consults on cybersecurity for the private and public sector.