Technology is changing the way that we live today. It is a simple premise, one reiterated frequently by countless Silicon Valley CEOs and entrepreneurs with new ideas. For the U.S. government, and especially American defense, these technological changes are of ever increasing importance. The 2018 National Defense Authorization Act passed late last year addresses some of these changes and moves towards an understanding of cyber warfare as its own field of combat, much like land, sea, and air. Even these changes may not go far enough to address the security threats of the 21st century, say many technology experts, who recently discussed necessary changes to the Defense Department’s supply chain, workforce, and operating procedures at an event co-sponsored by the R Street Institute and the George Mason National Security Institute.
“The reality is that today we are in a very real shooting war in cyberspace,” says Jamil Jaffer, Founder of the National Security Institute at George Mason University. “It may not be big bullets, it may not be big bombs or nuclear weapons, but we are in an ongoing offensive campaign brought by our enemies against us.”
This asymmetric warfare includes intellectual property theft by China, low-level ransomware attacks by Russia, and other hacking attacks by countries like North Korea and Iran. While most of these attacks have not targeted military equipment, that does not make the threat they pose any less real.
“We are very much in a state of cyber warfare today. It may be more like a state of cold war, but it is happening,” he stressed.
Combating the cyber threats of the 21st century will require major shifts in how the federal government pursues both procurement and protocol decisions as well as how it interacts with Silicon Valley. At present, the gulf between America’s innovative tech minds and the government is perhaps best demonstrated by the fact that they are focused on opposite sides of the country and rarely interact.
“To do any of these things we need the people, and the government is not getting the people it needs,” says Betsy Cooper, Executive Director of the Berkeley Center for Long-Term Cybersecurity. She points out that for many people coming out of top tech training programs, government isn’t even considered as a career option, and suggested the creation of an off site campus where industry figures from Silicon Valley could liaison with government employees in a more balanced fashion.
Today’s cybersecurity threats effect both business and governmental targets. As a result, it is in the interest of both groups to work together to allow for better security. However, the present environment encourages each side of the equation to treat partnership as something business is unlikely to benefit from. This has negative effects on partnership on several levels, from programmers who see their salaries being higher in the private sector, to companies who see little to gain from sharing their data with the government.
“The federal government needs to understand it is a stakeholder not the stakeholder in cybersecurity,” says Klon Kitchen, a Heritage Foundation Senior Fellow of Technology, National Security and Science.
Fixing the problem will require demonstrating to Silicon Valley that cooperation provides benefits of its own. Even so, he sees this reality as potentially helping the government, since it is confronting the same security challenges as multinational corporations.
Today, both large Silicon Valley corporations like Apple or Walmart and the federal government are facing attacks from overseas actors, softening the distinction between an attack against a U.S. entity and one against the U.S. itself. Allowing the government and companies to cooperate to combat these threats would be a significant step forward for cybersecurity. It is still hard to estimate when that might take place.
At the same time, the line between cyber tactics and traditional warfare is becoming more and more blurred. On a high level, it is easy to distinguish between hacking an enemy’s computer systems and sending in a fighter plane to drop bombs on a specific location. But what about a situation where a deployed team of special forces troops encounters a weapons facility secured with a closed circuit camera system? Under the present rules of engagement, the team is required to rely on national level capabilities such as those hangled by the NSA and CIA in order to use relatively simple cyber technology to compromise the system.
“The problem is those capabilities are in high demand and often higher priorities prevent the utilization of these capabilities. The net result is that the ODA [special forces] team now has to assume a greater risk profile, both to mission accomplishment and personnel, to accomplish the mission,” says Kitchen.
“These missions aren’t going away,” he continued.
The trouble is not the technology itself, which is easily available at the tactical level. Instead, operations are hamstrung by an over centralized approach to tactical cyber missions. Standards have a role to play, but in the ever-adapting world of technology, governmental standards are simply too slow to keep up.
Silicon Valley may be thousands of miles from Washington, but it looks like the two increasingly need to learn to work together.