The government shutdown and threat of default leaves most Americans concerned about the loss of government services and the possible detrimental economic impact.
Looming in the background, but no less important, is the effect on U.S. Cyber Operations, and in particular, our defense in the high-tech realm.
Below, Matt Bearzotti, Manager, AFA Government Relations, takes a deeper look into U.S. Cyber Operations and how today’s policy climate affects that critical mission.
Director of Government Relations
Air Force Association
Shutdown’s cyber consequences:
Congress’ inability to fund the government severely hurt U.S. cybersecurity and cyber efforts, while likely providing an advantage to would-be terrorists and the cyber branches of adversarial nation states.
Roughly 60% of the intelligence community’s civilian workforce was furloughed during the first week of the shutdown, including workers at the National Security Agency (NSA) and U.S. Cyber Command.
In addition to the lapse in cyber defenses and counter terror efforts the shutdown caused, it also did some damage to the morale of the civilians that make up a large part of the workforce providing cyber capabilities to the nation – many of whom could be making more money for similar work in the private sector.
The shutdown is also slowing work between U.S. industry and the government on the national cybersecurity framework, a policy measure being developed to bring the public and private sectors together to increase the nation’s ability to protect itself in cyberspace, particularly with respect to critical infrastructure like the electric grid, banks, water supply, and transportation, etc.
However, the shutdown has stopped the federal agency (the National Institute for Standards and Technology or NIST), leading those efforts from issuing its first draft of standards guidelines, which was due October 12.
Separate from the immediate budget impasse, Congress remains focused but divided on issues that surfaced due to the Snowden leak of NSA programs. Divisions on the Hill are not lining up based on the usual partisan lines but instead seem to be corresponding to member committee jurisdictions.
For example, the Senate Intelligence Committee has postponed work on a bill that would seek to restore trust in the NSA, while the Judiciary Committee is set to continue working through the shutdown on hearings, and plans to further restrain the agency’s capabilities and authorities.
And no matter what the shutdown or debt ceiling results are, major cybersecurity legislative initiatives will go nowhere in 2013, despite the fact that some (such as the Cyber Intelligence and Protection Act or CISPA) have been under consideration since 2012 or before. In the meantime, industry and the government are cooperating to develop a cybersecurity framework (initiated by Executive Order earlier this year).
The policy outline is due to be completed by February 2014, but as noted above, delays caused by the government shutdown could cause a schedule slip.
General Keith Alexander, Commander of NSA and U.S. Cyber Command, recently spoke in Washington, D.C. about the balance that must be struck between informing the American people of the government’s cyber capabilities and practices, vs. tipping off U.S. adversaries to methods and intelligence.
He acknowledged that there is a trust gap between the agencies he runs and the average citizen, but pointed to the media’s coverage of the Snowden leaks as inaccurate. In fact, the NSA does not listen to phone calls or look at personally identifiable information, but as a part of its counter-terrorism operations it can – with court permission – access certain pieces of data, such as the patterns phone calls create when foreign numbers call U.S. numbers or vice versa.
He further stated that he is open to figuring out how to allow for greater transparency at his agencies.
Retired Admiral James Stavridis recently published an op-ed that suggests an interesting idea on how the Services perform, organize, train, and equip in the cyber realm. He compares the cyber domain to the air domain, including the struggle for an independent Air Force, and he recommends that a new service, a Cyber Service, be established.
The article, below, should encourage some debate and help provide a framework to discuss how cyber capabilities and operations relate to air power and our national defense:
Manager, Government Relations
Air Force Association