Cyber Wakeup Call?

The theft of hundreds of thousands of secret diplomatic cables and military reports was an act of espionage and treachery. Their release was an act of sabotage. The U.S. government’s response to both has been distressingly feckless.

First and most obviously, how is it possible that those responsible for security at the Departments of Defense and State did not foresee – and take measures that would have prevented — a 22-year-old Army private not just from accessing but also downloading such classified information? Officials up to and including the Secretary of State have said that the government was just attempting to break down the walls between various agencies.  Credible? Not even close.

Second, after the first WikiLeaks document dump back in July, why did a computer worm or virus not find its way into WikiLeak servers and destroy them? Yes, that would have caused an uproar in some circles. So what? Government spokesmen would do the one thing they know how to do: deny complicity or simply refuse comment.

Instead, we’re hearing Pentagon spokesmen say it’s not that the U.S. lacks the means to put WikiLeaks out of business but that such a response would have been excessive in this instance. Really? As satisfying as it is for national security hawks like me to have hard evidence that Arab leaders are terrified by the prospect of nuclear-armed Jihadis in Tehran — and are demanding that America “cut off the head of the snake” — the fact is these disclosures will be hugely damaging to U.S. diplomatic efforts.

But the alternative explanation is that America’s cyberwarriors have not yet mastered their trade.  If you don’t grasp how consequential that is, listen to Mike McConnell who served as director of the National Security Agency under President Clinton and as Director of National Intelligence under President Bush. Earlier this year, he told a Senate committee that the threat of cyber attacks “rivals nuclear weapons in terms of seriousness.”

That’s because enemy cybercombatants are developing cyberweapons that could shut down our electrical grid (causing blackouts of indefinite duration) or destroy the electronic records and processes on which our financial systems depend.

China or Russia would probably utilize such a capability only in the event of a serious conflict breaking out with the U.S. – which is bad enough. But Iran, for more than three decades, has considered itself at war with “the Great Satan.” President Mahmoud Ahmadinejad might view such a cyberattack as contributing toward his long-term goal: “A world without America.”

Wouldn’t we retaliate with a rain of fire? We might not know for certain that Iran was responsible. It also is possible that Iran’s current rulers would not care if we did. “We do not worship Iran, we worship Allah,” the Ayatollah Khomeini, leader of Iran’s Islamic Revolution, said in 1980. “For patriotism is another name for paganism. I say let this land [Iran] burn. I say let this land go up in smoke, provided Islam emerges triumphant in the rest of the world.”

Cyberspace is not the battlefield of the future – it’s the battlefield of the present. If we didn’t know that before we should know that now, thanks to Stuxnet, a computer worm that has worked its way into Iran’s nuclear facilities and – encouragingly — done significant damage to them. Deductive speculation has led many to the belief that the Israelis developed this sophisticated search-and-destroy device. Did Americans partner with them? I hope so. 

In his Senate testimony, McConnell warned that we “lack a cohesive strategy” to meet the challenge of the cyberarms race now underway. Chinese military analyst Wang Huacheng has described America’s reliance on information technology and the Internet as the country’s “soft ribs and strategic weakness.” Chinese forces are known to have penetrated Sandia National Laboratories and several U.S. military sites. Air Force Maj. Gen. William Lord said the Chinese downloaded “ten terabytes of data, the same amount contained in the Library of Congress.”

Jim Lewis, director of the Center for Strategic and International Studies, has added that three years ago “we probably had our electronic Pearl Harbor. It was an espionage Pearl Harbor. Some unknown foreign power, and honestly, we don’t know who it is, broke into the [computer systems of the] Department of Defense, to the Department of State, the Department of Commerce, probably the Department of Energy, probably NASA.”

Since that time, building defenses that enemy cybercombatants cannot breach should have been a top priority for the White House and Congress. Will it become one as a result of the WikiLeaks fiasco? If not, what will it take?

Clifford D. May is president of the Foundation for Defense of Democracies, a policy institute focusing on terrorism and Islamism.