This story first appeared on the Tom Dispatch website.
As though we don't have enough to be afraid of already, what with armed lunatics mowing down military recruiters and doctors, the H1N1 flu virus, the collapse of bee populations, rising sea levels, failed and flailing states, North Korea being North Korea, al-Qaeda wannabes in New York State with terrorist aspirations, and who knows what else—now cyberjihadis are evidently poised to steal our online identities, hack into our banks, take over our Flickr and Facebook acccounts, and create havoc on the World Wide Web.
Late last year, in a 96-page report, Securing Cyberspace for the 44th Presidency, the Center for Strategic and International Studies (CSIS) warned that "America's failure to protect cyberspace is one of the most urgent national security problems facing the new administration." In a similar fashion, Dr. Dorothy Denning, a cybersecurity expert at the Naval Postgraduate School, has just described the Internet as a "powerful tool in the hands of criminals and terrorists." And they're hardly alone.
To this fear chorus, our thoughtful, slow-to-histrionics President added his voice in a May 29th East Room address:
"In today's world, acts of terror could come not only from a few extremists in suicide vests but from a few key strokes on a computer—a weapon of mass disruption… This cyberthreat is one of the most serious economic and national security challenges we face as a nation."
Uh-oh, and as we know, cybercrime is already on the rise. According to the president, the U.S. experienced 37,000 cyberattacks in 2007, an 800% increase from 2005. He referenced a study estimating that cybercrime has cost Americans $8 billion in the last two years. A trillion dollars worth of business information has reportedly been stolen from the corporate world.
For Barack Obama, cybercrime is personal. During his bid for the presidency, someone hacked into his campaign's secure network and gained access to sensitive strategy documents and calendars.
Last year, a malicious computer virus hit the U.S. military, infecting thousands of computers and forcing soldiers to give up their thumb drives, changing the way they share information among computers. The Pentagon claims it fended off some 360 million attempts—yes, you read that right!—to break into its networks last year alone, a monumental leap from a "mere" 6 million tries in 2006.
In one such attempt, cyberspies hacked into the F-35 Joint Strike Fighter project, the Air Force's most advanced and, at $300 billion, most expensive jet fighter under production. According to the Wall Street Journal, they "compromised the system responsible for diagnosing a plane's maintenance problems during flight." In April, Defense Secretary Robert Gates told 60 Minutes' Katie Couric that the U.S. is "under cyberattack virtually all the time, every day." The Pentagon recently admitted that it spent $100 million in the past six months repairing damage caused by cyberonslaughts.
Cyberczar to the Rescue
In his speech, President Obama also insisted that help was on the way as he announced the establishment of a new Cybersecurity Office within the White House. It was, he assured Americans, meant to coordinate all government activities to protect U.S. computer networks, while promoting collaboration among a confusing landscape of federal cybergroups with "overlapping missions." Our digital infrastructure, he said, was the "backbone that underpins a prosperous economy and a strong military and an open and efficient government." As such, he proclaimed it "a strategic national asset," which meant that "protecting it is a national security priority."
All will be better, promised the Blackberry President, once his cyberczar, or "cybersecurity coordinator" is selected. "I will personally select this official," he pledged. "I'll depend on this official in all matters related to cybersecurity and this official will have my full support and regular access to me as we confront these challenges."
Keep in mind that the president is more than a little czar crazy, perhaps because the vague post of czar (of whatever) turns out not to require confirmation from a somewhat slow and balky Senate, even as it brings instant attention to some new aspect of his mega-agenda. He has already picked his Border Czar, Drug Czar, Counterterrorism Czar, Urban Affairs Czar, and Climate Czar, just to name a few. Foreign Policy counts a staggering 18 Obama czars in all. His still unnamed cyberczar will report to the National Security Council and the National Economic Council.
Many of these new czars have offices within the White House from which they can (theoretically) oversee policy, coordinate among agencies, streamline decision-making, and give a particular issue or area added weight and prominence. In reality, such appointments historically tend to put yet another cook in a chaotic kitchen, while adding a new layer of bureaucracy to already jumbled layers of the same. As Paul Light, a government professor at New York University, told the Wall Street Journal, "There've been so many czars over the last 50 years, and they've all been failures. Nobody takes them seriously anymore."
I feel better already! Except I do have a small question: How did the word "czar" morph from the title of a discredited autocrat half a world away to the description of a supposedly influential White House official? And why are all these czars jostling for power and order in a democratic government?
That aside, web-surf is up! And here's the good news: the United States is not just playing cyberdefense. Admittedly, the administration's plan for cyberoffense—you know, to hack into networks not our own—did not get as much news buzz as the cyberczar, but don't be fooled: the military is already on the job, mounting an invasion of a whole new territory, cyberspace!
The New Nightmare: Preparing for Cyberwar
Yes, the Pentagon sees cyberspace—that expansive online constellation of worlds that never sleeps even when our computers are off—as another battlefield terrain no different from the mountains of Afghanistan or the cities of Iraq (except that maybe on virtual battlefields we can actually win).
In an exhaustive 350-page look at U.S. cyberattack capabilities put out in April 2009, the National Research Council's Committee on Offensive Information Warfare concluded that "enduring unilateral dominance in cyberspace is neither realistic nor achievable by the United States." Despite that cautionary word, this very month the Pentagon has moved to establish a new Cybercommand that won't shy away from either the word "unilateral" or "dominance." CyCom, as it's already known, will "develop cyberweapons for use in responding to attacks from foreign adversaries" under the direction of Lieutenant General Keith B. Alexander, who will add another star to his three in the move from the National Security Agency to his new command.
In pursuit of the elusive, impossible dream of unilateral dominance in cyberspace, Defense Secretary Gates is looking to more than quadruple the number of cyberofficers by 2011; and though he didn't put a dollar figure on it, as the military services all rush to add "cyber" to their portfolio, the monies are going to add up fast. How much? Kevin Coleman, a consultant to the U.S. Strategic Command, which will house CyCom, estimates between $50 billion and $70 billion a year for cyberactivities in future Pentagon budgets.
Sounds good! But here's what I want to know: Can my avatar have long black hair, knee-high boots, and the pass codes to access some of those billions?
As it happens, cyberwar was a Washington preoccupation under President George W. Bush, too. Last year, his Director of National Intelligence Mike McConnell warned that a cyberattack on a U.S. bank "would have an order of magnitude greater impact on the global economy" than September 11, 2001, and he compared the potential ability of cybercriminals to threaten the U.S. money supply to a nuclear weapon. How do you fact-check such scare chatter, especially now that the global economy has proved itself quite capable of imploding with devastating impact without a cyberattack in sight?
No matter. Rest assured of one thing: even before the first bot is shot, a down-and-dirty, low-intensity conflict is already well underway. Think of it as a turf war with a twist.