The threats from cyberspace grow more powerful and pernicious. Companies from Sony Corp. to Google Inc. to Lockheed Martin Corp. have admitted startling security lapses. The International Monetary Fund last month suffered a “very major” breach leading to the loss of sensitive data. Congress and executive branch agencies faced almost 2 billion cyber-attacks a month last year.
Who or what is behind these attacks -- belligerent nation states, criminal gangs, alienated teenagers -- is rarely clear, but the message of their mayhem is: Our vast digital infrastructure, which grows more critical to our civilization each passing day, is much less safe than we thought.
In a discussion yesterday with Bloomberg View’s editorial board, Admiral Mike Mullen, chairman of the Joint Chiefs of Staff, noted gravely that cybersecurity is one of two existential threats facing the U.S. (along with nuclear weapons). “Because it can get at the structures, the financial institutions, the transportation systems, the infrastructure that we have in the country,” he said. “And it needs to be front and center, in military parlance, in all of our ‘war-fighting thinking.’”
He’s right, and the Obama administration, to its credit, has been sounding the alarm on these threats. Last month it released a legislative proposal urging a number of steps to protect utilities, financial networks and other infrastructure that, if compromised, could cause unacceptable public harm. The proposal isn’t perfect. But it does convey a commendable seriousness and urgency.
Urgency shouldn’t mean panic. As cyber-attacks grow more frequent and severe, and they surely will, the Obama administration needs to resist the inevitable bureaucratic temptation to overreact. Even as the military strives to reach President Barack Obama’s goal of saving $400 billion over 10 years, cybersecurity is one area where spending is likely to increase. This is smart: We have as much to fear from cybervillains in the near future as we do from enemy air forces or navies. But we should be wary of defense contractors who see “cyber” as the next pile of blank government checks.
This argues for devising a cybersecurity strategy with as much input from the private sector as possible within security constraints. One tack would be to foster competition and innovation among civilian software firms, which might develop cheaper and better tools than existing defense contractors.
The Pentagon will release its first formal cyberstrategy in coming weeks. We hope it shows a level of resolve and creativity appropriate to the threat -- but also that rarest of government qualities: restraint.
To contact the Bloomberg View editorial board: email@example.com.