President Barack Obama has reached into the private sector and named Howard A. Schmidt as the new coordinator for cybersecurity in the administration – a new “Cybersecurity Czar,” if you will. Mr. Schmidt has his work cut out for him; balancing the many and often divergent – even parochial – interests of the many federal agencies concerned with the security of their computer systems and information. Schmidt also will have to consider the security of the government’s cyber systems as they relate to the business sector and to other governments – state, local and foreign.
The approach Schmidt takes, and the perspective he decides to bring to his new job will in large part determine whether this administration will succeed in protecting vital national security and economic data from domestic and foreign threats.
Often, the federal government trains its attention on the “big picture” – in this case, global cybersecurity – and in so doing concludes it has addressed the problem sufficiently; and then diverts its attentions to other problems. It sees the forest but not the trees.
The newest “czar” may decide to spend his time focusing on the cyber “forest” – such things as a cybersecurity treaty and national legislation giving the president broad powers over civilian cybersecurity, as for example, in draft legislation that has been floating around Capitol Hill for many months (the “Cybersecurity Act of 2009”). If he does this, he runs the risk of squandering an opportunity to make some real headway toward improving security of our working national defense systems that sorely are in need of fixing.
For example, as reported publicly in recent days, US military video technology being employed in Iraq has been compromised repeatedly. Iraqi militants have successfully hacked into American video transmissions; including those actually targeting enemy positions by our drone aircraft. This hacking apparently has been accomplished with the help of a software program called “SkyGrabber,” available on the internet for $25.95.
Obviously, the US military, in focusing on deploying high tech weaponry on the battlefield, has overlooked the low-tech interception technology available to anyone with $30 to spend. The mighty US Department of Defense seems to have forgotten the not-so-minor detail of encrypting the technology used to protect our troops and destroy the enemy.
This problem apparently is not new. As reported by the Wall Street Journal recently, for example, it has been known that US military video transmissions were vulnerable since the 1990s. In fact, senior members of the Joint Staff knew that Russia and China were intercepting and manipulating video from unmanned aircraft and Remotely Operated Video Enhanced Receiver (ROVER) since 2004. Our top military brass chose to ignore such problems with the unsecure signals because they were more concerned with roadside bomb attacks.
Congress and the Obama administration should demand accountability of the Defense Department, and ask the Joint Chiefs why technological systems have been installed hastily and not properly encrypted. Whether the new cybersecurity czar will have a sufficiently robust portfolio, backed up by the president and the defense secretary personally, to address such serious problems, remains to be seen. But if he doesn’t, problems such as those that have surfaced recently regarding the lack of cybersecurity in our operational defense and weapons systems will only worsen. And that’s just one part of his job description.