Dear Mr. President—The Watchword Is Cyber
Our nation has historically enjoyed the geographic protection of broad oceans. But today, geography has only limited value as we assess our national vulnerabilities. The military notion of a “front”—a defined line of battle safely distant from our homes, schools and places of business—is becoming as antiquated as the buggy whip.
Because we are so completely dependent on information technology for our security, prosperity and way of life, and because it is so vulnerable to attack, the “front” is now everywhere. The U.S. Homeland Security Dept. reported a 152% increase in cyberattacks against federal agencies in 2007 from the previous year. Our economy is also under siege. According to a recent report on cybersecurity by the Center for Strategic and International Studies, our intelligence community claims that U.S. companies have lost billions of dollars in intellectual property to cyberattacks.
In pursuit of their stated desire to destroy the U.S., terrorists and other stateless actors finance their operations through cybercrime. For example, Imam Samudra, the terrorist convicted for the 2002 nightclub bombings on Bali, has urged his followers to learn how to fund their operations by hacking into credit card company computers.
These cyberattacks occur daily and are increasing. The race to defend against them constitutes the most critical military and economic imperative of this century. Yet this is a race we are losing.
Mr. President, your statements and actions clearly indicate your understanding that our nation’s cyberinfrastructure is now a strategic asset at risk. America’s defense industry stands ready to provide the technology to help solve this problem. But technology alone will not be sufficient.
Complex legal frameworks, such as Titles 10, 18 and 50 of the U.S. Code and International Traffic in Arms Regulations from the State Dept., impede coordinated countermeasures against this threat. Until these titles are reformed and updated, we will remain without the information-sharing mechanisms needed to manage and respond to cyberattacks. Such interoperability between defense and civil organizations and between state and federal offices is critical.
This fragmentation of our government mitigation efforts is, unfortunately, also mirrored in the structure of congressional oversight, which is distributed among multiple committees and subcommittees. Industry efforts, too, are scattered, and defense companies are particularly constrained by security compartmentalization of their contracts. This historical framework is inconsistent with the agility that will be critical to effectively counter the fast-moving cyberthreat.
What is structurally missing is focused congressional oversight and clear federal agency accountability. To be successful, we need government to provide an integrated, holistic set of regulations, measurable success criteria and financial incentives. We in industry should help define those criteria, and provide the advanced technology to reach the goal. Neither government nor industry can solve this problem alone. Together we need to enable and improve relationships with our international counterparts to achieve our common purpose.
America’s defense industry has heavily invested in the tools, techniques and human talent to address this problem. But, absent a significant change in government policy and a closer government-industry partnership, cyberthreats will continue to advance faster than our responses, and we will continue to fall behind. Losing this race risks catastrophe. Creation of a national effort that gathers the greatest minds in government, industry and academia is therefore imperative.
Mr. President, at this early stage in your administration, you command a precious but fleeting opportunity to address this urgent problem. Our nation has risen to great challenges many times before. It is time to do so again.
Sincerely,
Ronald D. Sugar
Chairman and CEO
Northrop Grumman Corp.
