On June 23, 2009, Secretary of Defense Robert Gates established the U.S. Cyber Command as a sub-unified command under the U.S. Strategic Command in order to defend military information networks against cyber attacks.1 This organization is the most recent Department of Defense (DoD) response to the increasing threats to U.S. military, government, and commercial information systems and rapidly developing adversarial network capabilities.
The cyber threat is the most pervasive and pernicious threat facing the United States today. Its mention does not immediately conjure visions of the catastrophic horrors that would result from an attack using a weapon of mass destruction, but today’s cyber threat is a very real and present danger. As of September 14, 2009, more than 10,450,000 U.S. residents had been victimized by identity theft in 2009 alone, and that number increases by one victim each second.2 Fifteen million victims will lose more than fifty billion dollars each year.3 Specific threats such as identity and consumer fraud allow us to quantify and understand part of the cyber threat in terms that allow the U.S. government,4 corporate America,5 consumer groups, and individuals6 to take preventive action. However, the growing number of victims would clearly suggest we have not effectively solved the problem, even if we are starting to comprehend its scope.
The cyber threat to U.S. national security, economic security, and public health and safety is far more amorphous and less susceptible of comprehension than its kinetic analogs. Popular media productions such as 247 and Live Free or Die Hard8 have depicted sophisticated cyber intrusions that intentionally caused aircraft collisions, a nuclear power plant meltdown, a compromise of White House security and communications…
The Internet seems to offer the promise of everything to everyone. For global and local business, it lowers costs while increasing innovation, invention, effectiveness, and efficiencies. For wealthy and poor economies alike, the Internet greatly expands markets for products and services. For peoples free and repressed, it provides an inlet and an outlet of expression. For large and small communities, whether living in urban centers or outlying regions, the Internet enables control over critical power, transportation, water, and sewerage systems.
Lest we forget, for sophisticated criminals, terrorists, warmongers, and spies, the Internet also offers the chance of a lifetime to cheat, steal, and strike from afar with little money, covered tracks, and enormous real world impact. While the ability to use the same technology for positive or destructive ends is neither new nor momentous, it is necessary to consider whether the rapid adoption of the Internet has provided so considerable an asymmetric advantage to our adversaries that it can change the course of American history. In this regard, when we consider the intent and capabilities of our enemies, we cannot underestimate them or, as the 9/11 Commission found in a different context, suffer from failures in imagination, policy, capabilities, or management.
Thus our future remains uncertain. Based on our increasing reliance on networks to drive our economy and support our health, welfare, communications, and security, certain questions loom large. For example, can our enemies control whether, how, and when our systems operate and our vital services get delivered? Are our personal and business records, corporate intellectual property, and state secrets routinely exposed or imperceptibly altered?1
Unfortunately, the answers to these questions not only remain unknown, they perhaps are unknowable. Therefore, it is difficult to provide our nation’s government leaders, corporate executives, shareholders, and citizens with reasonable assurance that our computer systems have not been…