Thursday, March 31, 2011

Whose Cyberspace Is It?

Whose Cyberspace Is It?: "When folks at the Pentagon dreamed up the idea of Cyber Command – a Defense Department entity that would protect U.S. military information networks from cyberspace attacks – one of the issues raised was: Just how much of cyberspace is the new command going to protect?

blog post photo
(U.S. Navy photo by Scott A. Thornbloom)

Cyber Command was activated last year, but after testimony at a Senate hearing this week it appears the question of how wide-ranging the command's mission will be is not completely resolved.

At issue: can, or should, the Department of Defense (DoD), be responsible for protecting all of U.S. cyberspace, most of which -- like the electric grid, telephone networks and U.S. financial markets -- is in the private sector.

While some say the Pentagon should have that responsibility – after all the grid and communications are vital to national security -- current federal law bars the military from acting like a policeman on U.S. soil, except in emergencies like an insurrection. Federal privacy laws are also confusing about how far the military can go in securing cyberspace.

Air Force Gen. Robert Kehler, the head of U.S. Strategic Command (STRATCOM) – which oversees Cyber Command – says he still doesn't have all the legal authority he needs. However, Kehler told Sen. John McCain he was working on it – in conjunction with the Department of Homeland Security (DHS).

DHS is the lead agency when it comes to safeguarding critical U.S. infrastructure -- including civilian government computer systems. It also is responsible for coordinating the defense of industry information networks with the private sector. 'So there are limits to what DoD can do today,' Kehler told the Arizona senator.

McCain, who is the senior Republican on the Armed Services Committee, said he is “concerned that the Department of Defense lacks both the necessary legal authorities and the sufficient trained personnel to fully perform its critical role in the realm of cybersecurity.”

“A lot of us feel that is the new battleground of the 21st Century,” McCain said. In 2008, a U.S. military facility in the Middle East was hacked with malicious code that could have allowed classified and unclassified data to be transferred. The year before, the information networks of Estonian government ministries, banks and media outlets were attacked. And cyberwarfare is believed to have brought down Syrian air defense systems, allowing Israeli jets to fly in undetected and destroy a suspected nuclear facility under construction. In 2010, Iran’s nuclear facilities were attacked by sophisticated malware, known as the Stuxnet worm.

McCain noted that the issue has been bouncing around among congressional committees from intelligence and armed services to homeland security. “And everybody’s got a different idea.”

Sen. Joe Lieberman, another Armed Services Committee member – who is also chairman of the Senate Homeland Security Committee – said it was time to break down the jurisdictional barriers. “We’re not adequately defended from cyber attack today,” said the Connecticut independent, adding that there was an “urgent need” to get beyond “classic Senate committee turf battles” and pass legislation this year clarifying authority for the protection of U.S. cyberspace.

The issue of authority was raised a few weeks ago at a House Armed Services Committee hearing when the head of Cyber Command, Army Gen. Keith Alexander, said “we do not have the capacity to do everything we need to accomplish.” To put it bluntly, he added, “We are very thin and a crisis would quickly stress our cyber forces.”

Meanwhile, Kehler said DoD has a pilot program with industry to explore what authorities are still needed. Sen. Carl Levin (D-Mich.) chair of the Armed Services Committee, said legislative efforts are being organized to ensure the department and other agencies “have all the authorities they need and that they work together to make sure there are no cracks in our defense.” Levin said one aim was to clarify not only who has protective authority but “responsibility for the response [to an attack] as well.”


No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...