Leaving ourselves vulnerable to cyberattack

When it comes to prosecuting the last decade’s military actions in Afghanistan and Iraq, our nation’s civilian leadership such as the defense secretary and president are constantly told by member of Congress to “listen to the generals” and take their cues on strategy from the commanders in the field. But when it comes to cybersecurity and protecting our vital national assets such as the electrical grid or banking infrastructure from cyberattack, many of our country’s legislators think they know better than the generals.

The cyber domain is apparently so important that the Senate has approved a four-star general to lead it (one of only about three-dozen active four-stars in the military), but not so important that its members feel the need to act upon his warnings with any urgency.

National Security Agency Director GEN Keith Alexander recently said the following to members of the Senate Armed Services Committee: “It is increasingly likely, as we move forward, that any attack on the U.S. will include a cyberattack. These are threats the nation cannot ignore. What we see…underscores the imperative to act now.”

Alexander supported the cybersecurity legislation that failed recently in Congress, and said just weeks ago in a widely reported presentation from the Aspen Security Forum that American readiness to address a catastrophic cyberattack was only a 3 on a scale of 10.

This is a theme held by many in our society, including Rep. Dan Lungren (R-Calif.), who expressed similar misgivings at the recent Defense Systems Summit on Cyber Defense about Congress’ lack of action to pass legislation that places a minimal amount of cyber accountability on the companies that operate our power grid, for example. Former National Security Agency director and retired vice admiral Mike McConnell also wrote about this recently in Defense Systems, saying that our (in)actions are willingly exposing ourselves to a cyber Pearl Harbor.

Those warnings seem to have fallen on deaf ears as many legislators have chosen to ignore the advice of our admirals and generals, and voted a narrower set of interests peripheral to the security of our nation. I’m not advocating one political philosophy or another, as I believe the security of our nation is an American issue, not a Democratic or Republican one.

But cybersecurity protections that address our food and water supplies, health-care systems and power grids need to happen immediately. It doesn’t do our nation any good to have the U.S. military barring the front door against our enemies, while we leave our rear vulnerable to cyberattack.