Obama Preparing to Counter Cyberattacks
Published in Le Journal du Dimanche
(France) on 24 March 2013
by Adèle Smith (link to original)
Barack Obama is preparing himself for a cyberwar.
When the director of national intelligence presented his annual report to the Senate discussing the United States’ most serious threats on March 12, he did not mention, to everyone’s surprise, terrorism, but spoke at length about cyberattacks. This is a first for the United States. The American authorities do not hesitate to point the finger at China, the world’s cyberespionage champion. If we were to believe the rhetoric that has prevailed in Washington since the start of the year, the United States is even actively preparing itself for a cyberwar. Gen. Keith Alexander, director of the National Security Agency — a cryptologic security agency — and director of the Pentagon’s recently formed Cyber Command, spoke publicly for the first time about an “offensive” and possible retaliatory measures to be taken in the case of an attack. Countries, cyberterrorists, hackers — nobody will be saved if the United States is subjected to a massive attack.
President Obama, to this end, ordered that procedures be set out in U.S. military doctrine, which is classified information, stipulating what classifies as a red line and at which point he could order a cyberwar. The general public is not aware of the scope of these red lines. In order to prepare for a possible cyberwar, the Cyber Command, created with 900 employees in 2010, must recruit an army of 4,000 servicemen and civilians by 2015. Thirteen teams of “cybersoldiers” will be commissioned to lead a cyberwar against any foreign country that attacks the United States. There will also be 27 other teams that will be responsible for training and the surveillance of electric power grid, energy and Internet networks.
700,000 Experts Before 2015?
Such a need for surveillance and classified information is debatable. For the experts, however, the threat that China poses to the United States — and to a lesser extent, Iran and Russia (France and Israel have also been named in a recent National Intelligence Estimate report on cyberespionage) — warrant the utmost consideration. A report was made public by the cybersecurity firm Mandiant in February establishing the links between many cyberattacks on the United States and the Chinese army. Google, Twitter, the military defense contractor Lockheed Martin and General Motors represent only a handful of dozens of companies that have been victim to data theft attributed to China. Iran is also suspected of being responsible for a cyberattack against New York’s financial sector last August, temporarily preventing thousands of clients from accessing their accounts. The consequences were minimal, but experts link this incident to the Shamoon virus that erased the contents of 30,000 computers of the Saudi oil company Aramco.
If some people feel that the authorities are exaggerating the threat, others think quite the contrary — that the United States is not ready to face a massive attack. Congress has been working on cybersecurity legislation for the past two years. All of the experts are talking about an alarming shortage of specialists. “4,000 employees for the Cyber Command is a drop in the bucket. In its last report, the National Institute of Standards and Technologies recommended hiring a total of 700,000 experts before 2015,” remarks Kevin Coleman, an expert at the Technolytics Institute.* Cooperation between the private sector and government agencies, which is absolutely crucial in order to face the attacks, is still far from ideal.
$10 Billion to Protect Themselves
“The private sector doesn’t always understand what is the ultimate goal of cybersecurity,” explains Steven Chabinsky, the former second-in-command of the FBI’s cybersecurity unit.* Chabinsky believes that the government should focus on deterrence rather than reducing the risk. American companies spent $10 billion in 2012 to protect themselves against cyberattacks. In Washington, the authorities have already significantly increased the pressure placed on China since January. The Cyber Command, together with its Western NATO allies, has put together a manual explaining the rules governing a cyberwar. For instance, no attacks will be allowed against hospitals or nuclear power plants. In the international community, however, consensus regarding a legal framework covering cyberactivity is far from consistent. For example, the 2010 Stuxnet attack against Iran’s nuclear program (neither the United States nor Israel have admitted to playing a part in the attack), is considered by some to be a military attack but by others to be a preventative measure. The experts warn against a boomerang effect following attacks. Howard Schmidt, Obama’s former cybersecurity coordinator, believes that Pandora’s box has alas already been opened. “It was opened the day that we developed industrial automation. Those who believe that they can start a virus without suffering the consequences are playing with fire.”*
Eugene Kaspersky, founder of Kaspersky Lab, reminds everyone that, as far as he’s concerned, cyberarms, unlike conventional arms, can be “rebuilt, recharged and resent” in the opposite direction ….*
* Editor’s note: The original quotation, accurately translated, could not be verified.
When the director of national intelligence presented his annual report to the Senate discussing the United States’ most serious threats on March 12, he did not mention, to everyone’s surprise, terrorism, but spoke at length about cyberattacks. This is a first for the United States. The American authorities do not hesitate to point the finger at China, the world’s cyberespionage champion. If we were to believe the rhetoric that has prevailed in Washington since the start of the year, the United States is even actively preparing itself for a cyberwar. Gen. Keith Alexander, director of the National Security Agency — a cryptologic security agency — and director of the Pentagon’s recently formed Cyber Command, spoke publicly for the first time about an “offensive” and possible retaliatory measures to be taken in the case of an attack. Countries, cyberterrorists, hackers — nobody will be saved if the United States is subjected to a massive attack.
President Obama, to this end, ordered that procedures be set out in U.S. military doctrine, which is classified information, stipulating what classifies as a red line and at which point he could order a cyberwar. The general public is not aware of the scope of these red lines. In order to prepare for a possible cyberwar, the Cyber Command, created with 900 employees in 2010, must recruit an army of 4,000 servicemen and civilians by 2015. Thirteen teams of “cybersoldiers” will be commissioned to lead a cyberwar against any foreign country that attacks the United States. There will also be 27 other teams that will be responsible for training and the surveillance of electric power grid, energy and Internet networks.
700,000 Experts Before 2015?
Such a need for surveillance and classified information is debatable. For the experts, however, the threat that China poses to the United States — and to a lesser extent, Iran and Russia (France and Israel have also been named in a recent National Intelligence Estimate report on cyberespionage) — warrant the utmost consideration. A report was made public by the cybersecurity firm Mandiant in February establishing the links between many cyberattacks on the United States and the Chinese army. Google, Twitter, the military defense contractor Lockheed Martin and General Motors represent only a handful of dozens of companies that have been victim to data theft attributed to China. Iran is also suspected of being responsible for a cyberattack against New York’s financial sector last August, temporarily preventing thousands of clients from accessing their accounts. The consequences were minimal, but experts link this incident to the Shamoon virus that erased the contents of 30,000 computers of the Saudi oil company Aramco.
If some people feel that the authorities are exaggerating the threat, others think quite the contrary — that the United States is not ready to face a massive attack. Congress has been working on cybersecurity legislation for the past two years. All of the experts are talking about an alarming shortage of specialists. “4,000 employees for the Cyber Command is a drop in the bucket. In its last report, the National Institute of Standards and Technologies recommended hiring a total of 700,000 experts before 2015,” remarks Kevin Coleman, an expert at the Technolytics Institute.* Cooperation between the private sector and government agencies, which is absolutely crucial in order to face the attacks, is still far from ideal.
$10 Billion to Protect Themselves
“The private sector doesn’t always understand what is the ultimate goal of cybersecurity,” explains Steven Chabinsky, the former second-in-command of the FBI’s cybersecurity unit.* Chabinsky believes that the government should focus on deterrence rather than reducing the risk. American companies spent $10 billion in 2012 to protect themselves against cyberattacks. In Washington, the authorities have already significantly increased the pressure placed on China since January. The Cyber Command, together with its Western NATO allies, has put together a manual explaining the rules governing a cyberwar. For instance, no attacks will be allowed against hospitals or nuclear power plants. In the international community, however, consensus regarding a legal framework covering cyberactivity is far from consistent. For example, the 2010 Stuxnet attack against Iran’s nuclear program (neither the United States nor Israel have admitted to playing a part in the attack), is considered by some to be a military attack but by others to be a preventative measure. The experts warn against a boomerang effect following attacks. Howard Schmidt, Obama’s former cybersecurity coordinator, believes that Pandora’s box has alas already been opened. “It was opened the day that we developed industrial automation. Those who believe that they can start a virus without suffering the consequences are playing with fire.”*
Eugene Kaspersky, founder of Kaspersky Lab, reminds everyone that, as far as he’s concerned, cyberarms, unlike conventional arms, can be “rebuilt, recharged and resent” in the opposite direction ….*
* Editor’s note: The original quotation, accurately translated, could not be verified.