Cyber war is more than a threat, it is something the Department of Defense is spending money on as we speak. Deputy Secretary of Defense Ashton Carter outlined six ways the DOD is taking action today, as well as legislation he believes can help the government act quickly against hackers at home and abroad.
“Cyber will overtake terrorism as the persistent gnawing … kind of threat and danger,” said Carter at the RSA Conference in San Francisco today. “The market, both economic and political, undervalues security at the moment. Doesn’t see it. Doesn’t fully get it. This is wrong, this is a mistake.”
The DOD is charged with protecting the United States not only with ships, airplanes, and tanks but also with cyber weapons. Former National Security Agency director Mike McConnell pointed out that if terrorists find their way into our banks, the ensuing economic havoc could result in greater devastation than that of 9/11. He said the US must be prepared not only to defend itself on the Internet but also to fight back. Six core DOD missions speak to this responsibility:
- Developing and preparing to use weapons of cyber warfare
- Preparing the U.S. for what the battlefield may look like
- Listening for and analyzing defense intelligence over the Internet
- Defending both classified and unclassified networks
- Creating technology using the DOD’s and the NSA’s “weight and resources” and distributing them to Homeland Security, law enforcement agencies, and partners
- Protecting these tools and infrastructure with the military.
The DOD is spending half a trillion dollars to run these projects, according to Carter. He says he has never heard of anyone wanting to cut the budget back. Indeed, he would like to increase the spending if he can find worthy areas to develop. However, despite governmental support, he wants the technology sector to help push the agenda further. The legislation Carter is pushing for would allow the government to act more freely with the public sector to develop tools. He explained it would enable the government to share threat information with the private sector and would enable public companies to report intrusions “without liability or trust concerns.” It would also allow members of the private sector to share threat information with each other “without liability or trust concerns.” And, if passed, it would force companies to report intrusions to the government.
Carter is aware that legislation and bullet points are small steps but asks that the security industry understand that “trying to get our act together as a country … is not an easy thing to do.”
“Of course, we were involved in birthing the Internet itself,” said Carter, “We have a history here, and we’re going to continue it.”