The United States invented the Internet, Silicon Valley firms dominate the tech industry, and much of the web’s key infrastructure resides within American borders. But now the White House believes cyberspace may have become an Achilles’ heel for the United States.
For more than 40 years, the West — and the United States in particular — along with much of the developed world “have been able to leverage cyberspace and the Internet as a strategic advantage,” Michael Daniel, the top White House adviser for cybersecurity policy, said Thursday. Without action to address what he called the “underlying, fundamental cybersecurity challenges,” the United States risks turning the Internet into a “strategic liability,” he told an audience at the New America Foundation in Washington.
Earlier this week, the White House rolled out a $19 billion spending proposal to boost U.S. cybersecurity, which Daniel said begins to address these problems. The plan increases federal spending on cybersecurity by about a third and includes initiatives to overhaul outdated — and sometimes ancient — federal computer systems and improve cybersecurity education. Additionally, President Barack Obama will establish a commission of outside experts to deliver computer security recommendations to the federal government, and will appoint a federal chief information security officer.
Obama and his lieutenants are casting this initiative — branded the Cybersecurity National Action Plan — as part of a strategic effort to deter American enemies in cyberspace. “Keeping America safe is not just a matter of more tanks, more aircraft carriers; not just a matter of bolstering our security on the ground,” Obama said in announcing the initiative. “It also requires us to bolster our security online.”
The president’s cybersecurity initiative focuses mostly on the nuts and bolts of the domestic American cybersecurity infrastructure. And Daniel appeared cautious Thursday in predicting the plan will deliver huge dividends in hardening computer system. Instead, he told Foreign Policy, it is “putting us on a path” to improve cybersecurity “across the federal government and our society.”
Facing persistent efforts by hackers tied to both the criminal underground and states such as China and Russia to steal government and corporate secrets, U.S. officials have struggled to figure out how to prevent attacks. Threatening sanctions against China last year forced Beijing to pledge it will end its massive campaign of economic espionage against the United States.
The overall American deterrence strategy warns that the United States will respond to cyberattacks at a time, place, and manner of its choosing. But what actually constitutes an “attack” remains vague.
Nonetheless, Daniel told FP, “the adversaries are beginning to learn that it is actually sometimes easier to attack us in the cyber domain than in any other area.”
The White House initiative to strengthen federal computer systems may make such attacks more difficult, but the government has a long way to go. Federal civilian agencies rely in part on a system known as Einstein to protect their network, but according to a Government Accountability report released last month, the $5.7 billion system mostly cannot block the most sophisticated threats.
The latest version of that software, known as Einstein 3A, does have some ability to block threats to federal networks, but it has only been adopted by half of federal agencies.
KAREN BLEIER/AFP/Getty Images