Pentagon Looks to Seriously Beef Up Cyber Security
In what appears to be the sign of a coming cyberwar arms race, the Pentagon is reportedly going to shore up its cyber security forces to defend critical domestic networks. It also aims to carry out more offensive operations, as reported on Sunday by both the Washington Postand the New York Times.
According to anonymous U.S. officials, the Pentagon has approved a plan — yet to be made official — to expand its Cyber Command, hiring more than 4,000 troops and civilians, a significant increase from the current corps of 900 employees. The intention is to improve defenses over critical cyber-infrastructure at home while boosting the Pentagon’s ability to strike abroad, perhaps with cyber attacks like Stuxnet or Flame, which rumors indicated were a joint operation by the U.S. and Israel.
The Cyber Command will reportedly be split in three different arms. “National mission forces” will protect critical infrastructure like the electrical grid and power plants; “combat mission forces” will carry out offensive operations; and “cyber protection forces” will focus on protecting the Pentagon’s own computer systems.
The plan raises a series of concerns. For starters, is this a sign of a cyber arms race that’s only going to intensify in the future?
“I am a little worried that we are rushing ahead with no clear view how these new weapons can and should be used,” Adam Segal, a cybersecurity expert at the Council on Foreign Relations, told Mashable in an email. “Other countries are already developing these capabilities, so it is not as if the U.S. alone creates the situation, but these announcements certainly reinforce the sense that there is a developing arms race in cyberspace.”
The decision comes as military officials, as well as members of the administration, continually tout the risk of a “cyber 9/11″ or “cyber Pearl Harbor,” underscoring the need for the Department of Defense to be prepared for this new aspect of warfare. “The threat is real and we need to react to it,” said William J. Lynn III, a former deputy defense secretary who has worked on the Pentagon’s cybersecurity strategy. Security experts have expressed their doubts about these claims, however, saying the threat has been “exaggerated.”
Another concern is how much the Pentagon should work in conjunction with the National Security Agency, the massive electronic-spying arm of the U.S. government. The NSA’s mission, as established in Executive Order 12333 is to collect “foreign intelligence or counterintelligence” while not “acquiring information concerning the domestic activities of United States persons.”
It’s unclear how the NSA can keep following those guidelines while working more closely with the Pentagon in domestic cybersecurity operations. The NSA “as foreign intelligence gathering apparatus,” explains Segal, “has a difficult time legally defending networks within U.S. territory because of privacy concerns.” Of course, it wouldn’t be the first time the NSA found itself in muddy waters, having to deflect accusations of spying on Americans. Furthermore, the head of the Cyber Command, Gen. Keith Alexander, is also the director of the NSA.
There are also concerns on how the Pentagon will be able to pull off such a large expansion when defense spending is being cut across the board. “Where are they going to get all the people from?” asks Segal.
“U.S. Cyber Command already has problems with training and retention. That will be the other big arms race — for talent.”
Sean Connelly, a U.S. government contractor who has been working on cybersecurity initiatives for the past eight years, agrees. “My long-term personal concern is to answer how the different government agencies will be able to retain quality cyber talent,” he writes in an email to Mashable. “Cyber operations is an area where most every business and industry will require some level of cyber talent to protect themselves. This broad increase in demand of specialized cyber talent will only make it a seller’s market for such talent. How will the U.S. government be able to compete with the industry as a whole to maintain a long-term corps of analysts?”