An electronic Pearl Harbor
By Randy Forbes
In 2007, an unknown foreign power broke into the Department of Defense, the Department of State, and the Department of Commerce, and it likely also broke into the Department of Energy and NASA, although it cannot be known for sure. The foreign power stole millions of pieces of government information, equivalent to the amount of information held at the Library of Congress. And they did it without stepping foot into any one of the agency buildings. It was all done electronically. The intrusion is one of the largest known cyberattacks our nation has faced — it has been coined the electronic Pearl Harbor.
Every day, some sort of cyberattack is waged against our nation’s electronic systems. In fact, cybersecurity attacks against the United States are rising drastically every year. In 2006, there were 5,503 attacks on our nation, according to data from the Department of Homeland Security. In 2007, it was 13,029. By 2008, it was 16,483. In fact, during the first half of 2009, there were reported at least 43,785 incidents of malicious cyber activity directed against the U.S. Department of Defense alone. These incursions came from a variety of sources, ranging from criminal hackers to foreign governments. The remediation cost the Defense Department more than $100 million. That figure does not even account for the significant cost of data lost to cyber espionage.
Many individuals do not realize the extent to which cyberattacks could impact us as a nation. The United States is more dependent on our computer systems than any other country — from military readiness to transportation and energy grids to banking systems to national security operations to civilian infrastructure. An infiltration of any of these systems could sabotage power plants or financial markets with an online attack, stop transportation systems with a hacking of communication systems, or result in billions of dollars in annual losses to businesses around the globe. The cyber intrusions reported by Google several months ago are a reminder of just how close these attacks are to reaching American citizens on a very personal level.
The most egregious actions — and potentially the most dangerous to U.S. security — have come out of China. Some of the more sophisticated military analyses from China’s armed forces propose to enhance the ability to attack an adversary’s satellite communications and sensor systems, critical transportation and energy infrastructure, ports of air and sea embarkation, and military command systems.
Last year, President Obama labeled cyberattacks “one of the most serious economic and national security challenges” that the country faces and FBI Director Robert S. Mueller III has said that “a cyber-attack could have the same impact as a well-placed bomb.”
Yet, we are being infiltrated every single day with little being done to make cybersecurity a top priority.
Just this week the Government Accountability Office released a report stating that the country’s approach to cybersecurity falls drastically short. Among the findings in the report, the GAO noted that there is no coherent plan stating who is in charge at the federal government level. They also noted that national goals have yet to be established in terms of priorities in protecting our cyber systems.
The alarming truth is this: when it comes to cybersecurity, the United States is falling behind. This weakness leaves us vulnerable to threats emanating around the world. Make no mistake, the global aspects of cyberspace present key challenges for our nation and the establishment of a solid cybersecurity initiative will take great effort. But it is not enough to simply promise to deter and protect our national systems; we need to have a whole-of-government and state-of-the art strategic cyberdefense plan.
According to the GAO, one of the critical challenges for us as we move forward is developing such a comprehensive national strategy that specifies overarching goals and a way to measure the success of those goals. Because cybersecurity spans the breadth of the public and private sector, it is important that we create a dialogue now among business, civil society and government regarding the challenges we face in cyberspace —spanning international law, privacy and civil liberties, security, and the architecture of the Internet.
Earlier this year, I requested a hearing in the House Armed Services Committee, on which I sit, to begin that dialogue in Congress. The purpose of the hearing would be to investigate the impact of cyberattacks on the United States military so that we can begin taking proactive steps at developing a strategic cybersecurity plan. In addition, I am a member of the House Cybersecurity Caucus, whose purpose is to actively create dialogue among members of Congress to identify challenges and make recommendations on cybersecurity. Beginning this dialogue in Congress will help draw attention not only to the need for a cybersecurity plan, but also to an understanding of the resources necessary to get us there.
We cannot afford to wait until a catastrophic event occurs before we take steps to solve this challenge. We must make our cybersecurity a national priority by implementing a lasting national strategy now. Until we do so, the United States will be at a disadvantage in protecting its national interests in the realm of cyberspace.