Is the recent focus on the “cyberwar” intended to build support for more government monitoring?
Homeland Security secretary Janet Napolitano emphasized in her keynote speech at the RSA conference last week the need for greater collaboration between the government and private sector in order to effectively address cybersecurity challenges facing the U.S. In what amounted to an open call for participation by the private sector, Napolitano announced DHS’ new National Cybersecurity Awareness Campaign Challenge, an initiative intended to come up with ideas on the best ways to raise security awareness not just among government agencies and private sector organizations, but among the public at large.
The reiteration of what has become a consistent theme from administration officials comes amid an intensifying public debate about the state of information security in the U.S. and particularly the country’s ability to protect its critical infrastructure from a major cyberattack. In recent days senior officials from both the current and previous administration have taken sides on the issue of America’s position in the “cyberwar.” Outspoken former director of national intelligence Michael McConnell took to the op-ed pages of the Washington Post last weekend to argue both that our country is engaged in a cyberwar, and that we’re losing. Current administration cyber czar Howard Schmidt responded in an interview with Wired magazine during the RSA conference, declaring “There is no cyberwar.” This debate was sparked to its current level of acrimony in part by the recently conducted Cyber Shock Wave exercise, some observers of which concluded that it exposed significant gaps in preparedness that called into question how effectively the government could respond to a large-scale incident if one occurred.
Leaving the semantic debate about the “cyberwar” aside, what seems unambiguous is the government’s intention to do more to establish and maintain situational awareness of the nation’s critical infrastructure. Given how much of that infrastructure is owned and managed in the private sector, there doesn’t seem to be a feasible approach to improving overall cybersecurity without the private sector playing an integral role. In this context it also seems non-coincidental that the government is giving public notice of its intention to someday provide comprehensive monitoring of all critical infrastructure, not just government networks. The mechanism for this would presumably be the Einstein program, administered by DHS but operated by the National Security Agency (NSA), which has long alarmed privacy advocates concerned about the prospect of the government potentially reading the personal communications of private citizens. Some in the media are now suggesting that cyber-hand-wringing by McConnell and others is really intended to garner public support for the expansion of telecommunications monitoring programs by the government. Whether or not you find this argument convincing, there is a pretty strong precedent in the form of the USA PATRIOT Act for the government using evidence of weaknesses in the national security posture to greatly extend government authority in the name of national security, at the expense of civil liberties and personal privacy rights.