In the wake of revelations that the US military network was compromised in 2008, and that US digital interests are under a relative constant threat of attack, the Pentagon is establishing new cyber security initiatives to protect the Internet. The Pentagon strategy--which is part digital NATO, part digital civil defense, and part Big Brother--may ruffle some feathers and raise concerns that the US Internet is becoming a military police state.
The mission of the United States Department of Defense is to provide military forces needed to deter war and protect the security of the nation. The scope of that mission includes emerging threats and the need to deter cyber war and protect the digital security of the nation as well. To fulfill that mission in an increasingly connected world, and with a rising threat of digital attack, the Pentagon wants to expand its sphere of influence.
The United States Deputy Secretary of Defense, William J. Lynn III, describes a 2008 incident which compromised military computer systems and classified information in an article in Foreign Affairs (free registration required to access full article). "It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command."
Lynn goes on to say "That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control. It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary."
Lynn notes that more than 100 US enemies and foreign intelligence organizations are hard at work trying to find holes to hack into the digital infrastructure of the United States. That digital infrastructure extends beyond the .MIL, or even the .GOV domains, though--as many private interests also represent vital parts of the nation's critical infrastructure.
Americans--and American businesses--expect the government, and more specifically the Department of Defense and the Department of Homeland Security, to defend national security and ensure our freedoms and liberties. When the objective of national security collides with freedom and liberty, it creates friction.
We expect both security and freedom. It was understandable that the United States government would monitor communications to identify potential terrorist threats in the wake of the attack on 9/11, but many citizens were outraged to learn that the Bush administration had authorized warrantless wiretapping of the entire nation by the NSA.
Lynn explains "Cyberattacks offer a means for potential adversaries to overcome overwhelming U.S. advantages in conventional military power and to do so in ways that are instantaneous and exceedingly hard to trace. Such attacks may not cause the mass casualties of a nuclear strike, but they could paralyze U.S. society all the same. In the long run, hackers' systematic penetration of U.S. universities and businesses could rob the United States of its intellectual property and competitive edge in the global economy."
Any time the issue of government oversight comes up--whether in the financial industry, or for broadband communications--some portion of the population cries "Big Brother" and declares that the government just wants power and control. While that may be a real concern on some level, it has to be balanced with the need for national security.
The reality is that many private business interests are an integral part of the critical infrastructure that the United States relies on for defense, commerce, communications, and other vital interests. The government should not control those interests, but the Pentagon has a vested interest in monitoring the digital security of servers and networks within those interests in order to fulfill its mission.
Rather than taking either extreme--military spying on everything in the interest of national security or spying on nothing to preserve freedom and liberty--an effective defense of US digital interests is best served by public and private sector interests working cooperatively for the greater good. Businesses should not accept frivolous government monitoring, but should understand that protecting America requires a balance between liberty and security.