Cyber security: The new arms race for a new front line
The Pentagon – and a growing cyber industrial complex – gears up for the new front line: cyberspace. Cyber defense is necessary. But it could cost us.
(Page 3 of 6)
"If you're an auto parts manufacturer and your data is stolen, that's sort of like if your home got burgled – it's up to you whether you want to tell your friends or not," says Brito. "But if you're a company and you are breached in a way that might put your customers' data at risk, then you should be required to tell someone."Skip to next paragraph
In Pictures Keeping watch: security or privacy invasion?
Subscribe Today to the Monitor
Pentagon stakes out turf
In the meantime, the US military is forging ahead with its own cyberdefense plans. While the Posse Comitatus Act largely bars the US military from getting involved in law enforcement endeavors, a new Department of Defense publication argues that the Pentagon can provide "law enforcement actions that are performed primarily for a military purpose, even when incidentally assisting civil authorities," notes Aftergood.
That includes cyberattacks, under the category of "complex catastrophe" – a "new addition to the DOD lexicon" introduced in the DOD report, he adds. "There is some turf-marking that seems to be going on on the part of the Pentagon."
It's a lexicon that has been embraced, too, by defense contractors eyeing the end of the war in Afghanistan and vying for their next business opportunity. Half of Booz Allen's $5.8 billion annual revenue comes from US military and intelligence agency contracts. Former NSA Director Mike McConnell now heads the company's "rapidly expanding" cyber division (earning $2.3 million a year to do so) and has likened cyberattacks to weapons of mass destruction. His division has a $5.6 billion, five-year intelligence analysis contract to protect networks in the Pentagon's Defense Intelligence Agency.
Some analysts worry that the big money involved could encourage fearmongering.
"If you're in the business of selling safeguards against cyberthreats, as many large firms are, you have an incentive to hype the threat," Aftergood says. "I don't want to be overly cynical about this and say that just because there is financial incentive, the threat is bogus, but it is a challenge to sort through the various claims and chart a way forward."
Industry specialists point out, however, that the business is lucrative because the cost of cybertheft is high and growing. A recent report by the Ponemon Institute, an independent security policy research group, surveyed 56 multinational companies and found the average annual cybertheft losses were $8.9 million per company, up from $8.4 million in 2011. Companies in the study reported a total of 102 successful attacks per week. (By way of comparison, there are more than 15,000 DOD computers in 100 countries, which are probed "thousands of times a day," according to a top Pentagon official who briefed reporters in February. "And we have not always been successful in stopping intrusions.")
Against this backdrop, plans leaked earlier this year that the US military is quickly working to increase the size of its cyber forces in its premier computer defense arm, US Cyber Command, from 900 to 4,900 during the next two years.
One-third of these will be designated "national mission forces," with special training in protecting critical infrastructure like power plants at national "cyber ranges" where they can practice and hone their skills. The group is slated to be ready to be up and working by the end of the month.
One-third more will be "cyber-protection forces" to defend the Pentagon's networks, and the final third are designated "combat mission forces" responsible for counterattacks and other offensive operations by September 2015.
The unprecedented growth in these forces is "also a recognition that the problem has become so great that they need to act quickly," says Alan Paller, founder of the SANS Institute, a private firm that is one of the premier training organizations for the US Air Force. "And it's a recognition that in this arena, the skills are the weapon."
Fine lines between offense and defense