Expect changes in U.S. approach to cybersecurity

The U.S. approach to cybersecurity is likely to change significantly under the Obama administration.  Although it’s not clear yet exactly what priorities will be sacrificed to make room for the increased focus, or how the changes will all play out, here are some highlights of recent activities in this area:

  • Reports: A recent report highlighted weaknesses in U.S. cybersecurity efforts, and recommended changes to U.S. cybersecurity leadership and policy, including the White House taking over the lead for cybersecurity efforts from DHS.
  • Obama Administration: President-elect Obama’s statements during the campaign, and his relationships with the authors of the reports (several of whom are advisors to his campaign), suggest that he’ll probably appoint a “cybersecurity czar” at the White House to coordinate national cybersecurity efforts.  Speculation is rising about who he’ll appoint to the post.
  • Congress: Key members of Congress have stated concerns about our lack of preparedness and inability to protect from and respond to cyber attacks.
    • Rep. Dutch Ruppersberger (D-MD), chair of the House Intelligence subcommittee on Technical Intelligence, says billions of dollars need to be invested by both government and the private sector.  Rep. Ruppersberger also supports appointment of a “cybersecurity czar” at the White House.
    • Rep. James Langevin (D-RI), chair of the House Homeland Security subcommittee on Cybersecurity, said “We’re way behind where we need to be now.”  Rep. Langevin has also called for leadership of cybersecurity efforts to be removed from DHS, and for increases in our offensive cyber warfare capabilities to use as a deterrent (much as our offensive conventional and nuclear capabilities are used as a deterrents to conventional and WMD attacks).
  • DHS: Although DHS Secretary Michael Chertoff agrees we have significant vulnerabilities, he cautions against changing leadershipof cybersecurity efforts at this stage.  But incoming Secretary Janet Napolitano may have a different view, especially if changes are supported by President-elect Obama.
  • Front-Line Stakeholders: Many key participants in a recent cyberwar simulation exercise reported that we’re not prepared for a real cyberwar.
  • Recent Precedents: Cyber attacks aimed at Estonia earliet this year, and aimed at Georgia during the recent conflict between Russia and Georgia in South Ossetia underscored both the likelihood and effectiveness of cyber-attacks during a conflict of any kind.  These attacks were effective, even though they are widely believed to have come from non-state actors (Russian sympathizers).

Summary:

With agreement about our vulnerability all the way from the front line to Congress and the White House, expect some major changes in both leadership and policy.  Increases in funding should also be expected, though whether funding comes as new expenditures or shifting of funding from other areas remains to be seen.

For more information:

Advertisements

Report: Commission on the Prevention of WMD Proliferation and Terrorism

The bi-partisan Commission on the Prevention of Weapons of Mass Destruction Proliferation and Terrorism released a long-awaited report on December 4th about the current state of the WMD threat against the U.S..  The report received fairly wide coverage in both the main-stream press and on the Internet.  I’ve summarized information from a number of sources here; I haven’t read the full report yet myself, but I’ll update this post again after I’m finished reading it.

Summary:

The report:

  • States that the odds are greater than ever that the world will see an attack using a biological or nuclear weapon in the next five years.
  • Criticizes Bush administration domestic and foreign policy.
  • Offers wide-ranging recommendations on controlling biological agents and containing nuclear proliferation.
  • Offers recommendations for Congress to solve problems with oversight and funding.
  • Singles out Pakistan as the top security priority for the United States.

Recommendations:

Here are many of the key recommendations in the report:

  • Overall Terrorist Threat:
    • Work with Pakistan and other countries in the region to eliminate terrorist safe havens through military, economic and diplomatic means.
    • Secure nuclear and biological materials in Pakistan.
    • Counter and defeat extremist ideology.
  • Biological Terrorism:
    • Call an international conference of countries with major biotechnology industries to promote biosecurity.
    • Strengthen global disease surveillance networks.
    • Press for universal adherence to the Biological Weapons Convention.
  • Nuclear Terrorism
    • Constrain a nascent nuclear arms race in Asia.
    • Take steps to prevent Iran and North Korea from possessing uranium enrichment or plutonium reprocessing capabilities.
    • Set strong penalties for violators who withdraw from the Nuclear Non-Proliferation Treaty.
    • Strengthen the International Atomic Energy Agency.
    • Employ further counter-proliferation efforts.
    • Work with Russia to secure its nuclear materials.
  • Presidential Oversight:
    • Create a new post in the White House to oversee government efforts to prevent a WMD attack.
  • Congressional Oversight:

    • Empower the Homeland Security panels in the House and Senate as the sole oversight committees for these issues (as opposed to the 16 House committees and 15 Senate committees that share jurisdiction on these issues now).
    • Create a new Intelligence Appropriations Subcommittee to fund both national and military intelligence.
      • From CQ Politics: Congress ignored similar recommendations from the original 9-11 commission, which issued its report in mid-2004.

Criticisms:

There has been some skepticism and criticism of the report, and a down-playing of the report conclusions, both by homeland security veterans and members of Congress.  Much of the criticism stems from the reports’ tone of urgency and lack of emphasis on explosives and other low-tech threats.  As mentioned in Homeland Security Watch, “There’s a noticeable demotion of chemical and high explosives in the WMD threat embraced by the report.”

Official Reactions:

Senate: In a hearing Thursday, the Senate Homeland Security and Governmental Affairs Committee indicated a willingness to consider legislation to strengthen safety and security at private and federal laboratories that work with deadly biological pathogens.  Read here for more details on the committee hearing.

UPDATE 12/22: Chairman of the Senate Committee on Homeland Security and Government Affairs, Joseph Lieberman (ID-CN) and Ranking Member Susan Collins (R-ME) announced plans to introduce legislation to tighten oversight of high containment laboratories around the country that could handle deadly biological pathogens.  Click here to view the press release.

Bush Administration: Despite the report’s criticisms of US policies, the White House welcomed what it said was proof of Bush’s strong security record.  “Under President Bush’s leadership, extensive progress has been made on securing the world’s weapons of mass destruction and protecting our citizens from a WMD attack,” White House spokesman Scott Stanzel said.

Obama Administration: There is some expectation that many of the reports’ recommendations will be accepted and implemented by the Obama administration.  As reported by CQ Politics: “Several of the commissioners have advised the Obama campaign or transition, and several recommendations square with Obama’s policy views. Among the panel members, Wendy Sherman is a national security “team leader” in Obama’s transition, and Richard Verma serves on his defense transition team.” The Boston Globe reported that President-elect Obama will probably implement the recommendation for creating a position of WMD anti-proliferation chief at the White House, citing three unnamed Obama advisers.

Overall Summary:

The report will probably influence homeland security policy and funding for the next 4 years.  Diplomatically and militarily, expect an increased focus on Pakistan.  In the U.S., expect greater focus and spending on defense against biological attacks, including new legislation and rules to prevent pathogens from falling into terrorist hands through labs.  Consider preparing plans and grant requests to improve detection of and response to biological attacks.  Expect an increase in R&D funding for technology to detect and identify biological threats and verify adherence to nuclear and biological non-proliferation agreements.

Links:

Additional articles and posts about the report:

Impact of auto maker bankruptcy on Homeland Security

If you’re wondering how an auto industry bailout – or lack thereof – might affect homeland security, you’re not alone.  I’m also trying to find some good answers.

I’ve seen many articles and an exponentially increasing number of blog posts on the Big 3 bailout plan and the arguments for and against letting them go bankrupt.  But other than a few very short mentions (mostly in comments to some of the articles), I haven’t seen any attempt at an analysis of how a complete failure of one or more of the Big 3 would affect national security/homeland security; anecdotal references to the role auto makers played during World War II are the closest I’ve seen yet (see item #6 in this blog post for the longest discussion of this that I’ve found so far).

There seems to be a consensus (which I haven’t been able to trace back to any real analysis) that it would have some impact on national security for there to be no major auto manufacturing in the U.S., because if there were a real conventional war, we wouldn’t have the manufacturing capacity and expertise needed to produce the military vehicles needed to support the war.  The need to maintain conventional warfare manufacturing capabilities has been highlighted by Russia’s recent war with Georgia in South Ossetia.

However, I haven’t seen anything even mentioning other more direct potential effects of the failure of the U.S. auto industry.  For example, does the auto industry share any suppliers in common with the defense and homeland security industries (it seems likely there’s at least some overlap), and if so, how would failure of one or more of the Big 3 affect those suppliers – and the defense and homeland security companies that rely on them?

If you see anything about this (preferably with some hard data rather than just opinion – but opinion is better than nothing), please post the link or some other pointer in a comment.  This is an area where politics could have some significant unintended consequences for defense and homeland security companies, and trickle down to the rest of us in unexpected ways.  I’d like to help everyone follow it.

Thanks,
Michael