As dependence on computers has grown, so have the odds that we could experience cyber-disruption of everything from our finances to air travel to electricity—and there’s surprisingly few bulwarks in place to stop it. The Pentagon, however, now seems poised to rectify that.
Plans to increase the Department of Defense Cyber Command by about 4,000 people—more than four times the amount currently staffed—were unofficially announced in the Washington Post and New York Times last week.
“The threat is real and we need to react to it,” William J. Lynn III, a former deputy defense secretary who worked on the Pentagon’s cybersecurity strategy, told the Times.
Although the plan isn’t yet final, officials speaking anonymously told the Post that the added resources would be divided into forces that protect national infrastructure such as electrical grids and power plants, those that use technology to aid combat missions, and others to defend Defense Department computer networks. The forces are expected to focus on overseas threats to military networks (unless asked to do domestic work by agencies such as the FBI), according to the Post’s anonymous official.
“There’s no intent to have the military crawl inside industry or private networks and provide that type of security,” the official said.
While there’s not much dissent on the need to address an increasing range of cyberthreats, there are concerns about how and when this vast new force will be employed.
“What concerns us is not the growth of forces but the way it is happening behind the scenes,” writes the editorial board of the Washington Post. “The U.S. Cyber Command is a military unit, but its chief, Gen. Keith Alexander, is also director of the National Security Agency, which is part of the intelligence community. So far, operations and deployments are being handled almost entirely in secret.”
The shadowy line between Cyber Command and NSA isn’t insignificant. As a military operation, Cyber Command counterterrorism measures need to be carried out under the rules of war, where NSA missions have wider authority to make secret strikes in non-war zones.
And if that wasn’t enough uncertainty, a “secret legal review” has determined the President has lots of leeway in launching a preemptive cyberstrike if an attack seems eminent, according to a New York Times story published Sunday. But don’t fear yet another anonymous official told the Times. The understanding is that cyberweapons are the new nukes.
“There are levels of cyberwarfare that are far more aggressive than anything that has been used or recommended to be done,” the Times quotes the official as saying. “There are very, very few instances in cyberoperations in which the decision will be made at a level below the president.”
While there may be good reason to fret about how missions are carried out in the absence of open, transparent policies, the addition of more forces to fight cybercrime is step in the right direction, officials say. Cyberterrorists don’t seem willing to wait for regulations to be put into place.
“Given the malicious actors that are out there and the development of the technology, in my mind, there’s little doubt that some adversary is going to attempt a significant cyberattack on the United States at some point,” Lynn told the Post. “The only question is whether we’re going to take the necessary steps…to deflect the impact of the attack in advance or…read about the steps we should have taken in some post-attack commission report.”
Jolie Breeden is the lead editor and science communicator for Natural Hazards Center publications. She writes and edits for Research Counts; the Quick Response, Mitigation Matters, Public Health, and Weather Ready Research Award report series; as well as for special projects and publications. Breeden graduated summa cum laude from the University of Colorado Boulder with a bachelor’s degree in journalism.