Cybersecurity: U.S. Noisy But Still Supine

10:32 AM, Jun 3, 2013 • By KEN JENSEN

Since early April, the administration has been talking noisily—but not doing anything—regarding all the fronts of cyber defense. White House opposition effectively killed Rep. Mike Rogers’s Cyber and Intelligence Protection and Security Act (CIPSA), drafted to facilitate government-private sector information sharing on commercial cyber attacks. That’s three times since last year that this has happened. The House of Representatives passes a cyber bill and it’s dead on arrival in the Senate at the direction of the White House.

The special pathos here is that the bill is only a first baby step in meeting the cyber challenge and amounts to the authorization of nothing more than basic information sharing regarding attacks made. This is nothing more than achieving the ability to close the barn door after the horse has bolted—that is, provided that it’s the same horse and the same barn. And with cyberattacks nothing is ever the same: its practitioners aren’t that stupid.

The mainstream media has made a big deal out of the purported fact that administration toughness has gotten the Chinese to agree to talk about cyber intrusion. Gen. Martin Dempsey, chairman of the Joint Chiefs, mentioned U.S. cyber concerns to Chinese President Xi Jinping and the military leader Gen. Fan Changlong during his three-day-long tour earlier in May, and now Obama is proposing to talk cyber when he meets with Xi Jinping next month in Southern California.

There isn’t the slightest indication that we will actually do more than talk or, rather, complain. How do we know? Consider the administration’s past record with regard to Chinese cyberattacks (a scandal in itself):

Writing in the Washington Free Beacon, Bill Gertz reported on March 11 that two years ago President Obama rejected a series of tough actions against China. The options were presented to the president over a three-month period beginning in August 2011. The agent was the White House Interagency Policy Committee, a working group directly supporting the National Security Council. According to Gertz,

“The options that eventually were presented included using bilateral and multilateral diplomacy, conducting covert computer network attack operations, levying economic sanctions, and taking legal action against the Chinese government and military.”

In response to the recommendations, the Obama administration in late 2011 decided against approving a comprehensive strategy regarding Chinese cyberthreats. Officials told Gertz that the administration preferred to limit its response to diplomacy and law enforcement efforts: “The officials said the strategy deliberately played down China’s role in the theft of trade secrets and ducked effective action to avoid upsetting relations with China.” So, as with terrorism, the U.S. government is treating cyber attacks as mainly a criminal matter best addressed through law enforcement—as if U.S. courts and lawsuits mean anything to the Chinese.

While the administration currently is so busy not worrying enough about foreign perpetrators, the Department of Homeland Security is really gung-ho on domestic cyber stuff. DHS, by the way, now has more law enforcement agents than any other federal department or agency.

Secretary Janet Napolitano said recently that since its creation in 2009, her National Cybersecurity and Communications Integration Center “has responded to nearly half a million incident reports and released more than 26,000 ‘actionable cybersecurity alerts’ to state and local governments and private sector companies.” She added that the department had “prevented $10 billion in potential losses through cybercrime investigations and arrested more than 5,000” suspected cyber criminals.

Five thousand cybersecurity-related arrests? In the United States? Why might one doubt such large numbers given the paucity of news about them? Of course, what we don’t know is how many convictions there have been or the profiles of those who’ve been arrested. Adolescent hackers? Members of Anonymous? Agents of major foreign governments? Surely not agents of major foreign governments: James Clapper says “not under current circumstances.”

So: We’ve arrested 5,000 Americans while the Chinese and Iranians continue to run amok. They get digitally tough with us, and we get digitally tough with . . . ourselves. Except, of course, when we don’t do anything at all.
