Washington Post: The burden of cyberdefense
For the past couple of years, Gen. Keith Alexander, the head of both the National Security Agency (NSA) and the U.S. Cyber Command, has been outspoken in warning that private-sector computer networks, upon which the U.S. economy depends, are vulnerable to intrusion.
Gen. Alexander stated repeatedly that such attacks attempts at espionage, intellectual property theft or sabotage should be met with stronger defenses that would require the sophisticated tools of the government. He argued this case before Congress, which considered legislation that would have eased the way for closer cooperation between the government and the private sector. The legislation made sense, but Congress failed to reach agreement on a bill in the last session.
Now a new factor has intervened that seems to have further darkened the prospects for legislation: the disclosure by Edward Snowden, the former government contractor, of wide-ranging telephone and internet surveillance of Americans by the NSA under Gen. Alexander's leadership.
As The Post's Ellen Nakashima reported on Thursday, companies have long been skittish about sharing data with the government, fearing harm to their reputations and potential lawsuits for privacy and other violations. The revelations of broad NSA surveillance have raised fresh doubts in corporate executive suites about closer collaboration.
Gen. Alexander has argued that the government is only interested in defending against cyberthreats and has no intention of scooping up other information. But many executives and legislators are in no mood to give the government the benefit of the doubt. The House passed cybersecurity legislation in April, but its chances in the Senate appear to have evaporated.
As Congress was balking, President Obama stepped in in February with an executive order that included some modest steps to help companies deal with cyberthreats. But his order does not go as far as sharing the powerful tools of the NSA in detecting and fending off malware, theft and exploitation in the private sector. Most of the government's tools are classified. Without legislation, sharing seems unlikely, and that means corporate leaders will face cyberthreats on their own.
Gen. Alexander's alarms remain valid. But the political ground has shifted. The U.S. government is not going to come to the rescue any time soon of companies under siege by cyber burglars and bullies.
The debate must shift to how data networks the backbone of commerce, education, science, medicine, news and much more can be secured by the companies and organizations that own them. They are going to have to raise their game and improve their defenses without the wizards at Fort Meade.