Broken record theme: We’re moving too slowly on cyber defense

Deputy Defense Secretary Ashton Carter reiterated the Pentagon’s gripe yesterday that Congress and the U.S. government as a whole are moving far too slowly in figuring out how to protect the networks of utility companies and banks from strategic cyber attacks. "When it comes to dealing with these issues of safeguarding the nation as a ...

U.S. Department of Defense
U.S. Department of Defense
U.S. Department of Defense

Deputy Defense Secretary Ashton Carter reiterated the Pentagon's gripe yesterday that Congress and the U.S. government as a whole are moving far too slowly in figuring out how to protect the networks of utility companies and banks from strategic cyber attacks.

"When it comes to dealing with these issues of safeguarding the nation as a whole from a cyber attack, we're working our way through all these issues, my own view is, way too slowly. We're still vulnerable, the pace is not adequate," said Carter. "We were hoping for some legislative relief this summer out of the Congress, and I hope this isn't going to be one of those situations where we won't do what we need to until we get slammed."

Deputy Defense Secretary Ashton Carter reiterated the Pentagon’s gripe yesterday that Congress and the U.S. government as a whole are moving far too slowly in figuring out how to protect the networks of utility companies and banks from strategic cyber attacks.

"When it comes to dealing with these issues of safeguarding the nation as a whole from a cyber attack, we’re working our way through all these issues, my own view is, way too slowly. We’re still vulnerable, the pace is not adequate," said Carter. "We were hoping for some legislative relief this summer out of the Congress, and I hope this isn’t going to be one of those situations where we won’t do what we need to until we get slammed."

Carter’s comments echo those made by senior Pentagon officials for several years on the risk of a massive cyber attack that could catch the United States flat-footed due to legislative inaction.

This summer’s cyber legislation, dubbed the Cybersecurity Act of 2012, called for basic information-sharing between private companies that control critical infrastructure (finance, utilities, Internet service providers, defense contractors, etc.), and the government about cyber attacks; it also established minimum network security standards. Senate Republicans nixed the bill in August, citing concerns that even minimum security standards would be too restrictive on private businesses.

"Most of those networks are not owned or controlled by us, they’re owned and controlled by private entities who typically fail to invest or under-invest in their own security," said Carter during a speech at the Air Force Association’s annual confab just outside Washington. "When we offer to assist them, we run up against a lot of barriers that we’re slowly trying to knock down and reason our way through."

In addition to Republican resistance to government security regulations, the government’s ability to protect critical infrastructure is hampered by both privacy and antitrust concerns.

"When we provide information to Company A, do we have to provide the same information to Company B?" asked Carter. "Can Company A provide information to Company B, or does that violate antitrust laws? Can Company A provide information back to the United States, or is that providing personal information to the government? … These are all tough problems."

DoD cyber officials insist that the government is not interested in collecting individuals’ information, only basic digital information on specific cyber attacks. The bill that was defeated in August contained provisions that restricted the amount of personal information about network users that private companies could share with the government, a move that was lauded by civil liberties groups.

"If you’ve ever seen a signature, basically a string of numbers in hexadecimal format that’s mostly unintelligible unless it’s read by a machine or an antivirus program," Eric Rosenbach, deputy assistant secretary of defense for cyber policy, told Killer Apps during a Sept. 4 interview. "That type of information, technical information, is what’s most valuable to information sharing, it’s not the personally identifiable information that we’re interested; it’s the type of information that could help you stop an attack if you know what you’re looking for." 

An earlier version of this post incorrectly referred to Carter as undersecretary of defense. Killer Apps regrets the mistake.

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.

More from Foreign Policy

An illustration shows George Kennan, the father of Cold War containment strategy.
An illustration shows George Kennan, the father of Cold War containment strategy.

Is Cold War Inevitable?

A new biography of George Kennan, the father of containment, raises questions about whether the old Cold War—and the emerging one with China—could have been avoided.

U.S. President Joe Biden speaks on the DISCLOSE Act.
U.S. President Joe Biden speaks on the DISCLOSE Act.

So You Want to Buy an Ambassadorship

The United States is the only Western government that routinely rewards mega-donors with top diplomatic posts.

Chinese President Xi jinping  toasts the guests during a banquet marking the 70th anniversary of the founding of the People's Republic of China on September 30, 2019 in Beijing, China.
Chinese President Xi jinping toasts the guests during a banquet marking the 70th anniversary of the founding of the People's Republic of China on September 30, 2019 in Beijing, China.

Can China Pull Off Its Charm Offensive?

Why Beijing’s foreign-policy reset will—or won’t—work out.

Turkish Defense Minister Hulusi Akar chairs a meeting in Ankara, Turkey on Nov. 21, 2022.
Turkish Defense Minister Hulusi Akar chairs a meeting in Ankara, Turkey on Nov. 21, 2022.

Turkey’s Problem Isn’t Sweden. It’s the United States.

Erdogan has focused on Stockholm’s stance toward Kurdish exile groups, but Ankara’s real demand is the end of U.S. support for Kurds in Syria.