Cybersecurity

America’s next great battlefield

Arkansas Democrat-Gazette Cybersecurity Illustration
Arkansas Democrat-Gazette Cybersecurity Illustration

Six years ago, while describing the inexorable march of progress, President Obama casually slandered one of his predecessors, Rutherford B. Hayes. In Obama's telling, Hayes was a hapless Luddite who, when confronted with the newfangled telephone, muttered, "It's a great invention, but who would ever want to use one?"

"That's why he's not on Mount Rushmore--because he's looking backwards," Obama continued.

Not to sound pedantic, but the 19th U.S. president isn't on Mount Rushmore because he was an accidental president who served a single uneventful term. If Hayes is remembered for anything, it's for prematurely pulling federal troops from the South after the Civil War.

As for that line about the telephone, in today's parlance it would be called "fake news." Rutherford B. Hayes, who had the first telephone installed in the White House, loved technology. What he really said while testing the device with its inventor, Alexander Graham Bell, was: "That is wonderful!"

Pumping the brakes on change is an understandable impulse, but it's not what new technologies do. They speed things up, often with unpredictable, highly disruptive results. At the dawn of the Internet Age, for example, it was hoped that the World Wide Web would bridge human differences in age, gender, race, religion, and nationality. How well has that worked out? Ask GoDaddy and Google, which have had to wrestle with the ethics of giving neo-Nazi groups space on their platforms.

When Mark Zuckerberg testified to a joint Senate committee on Capitol Hill

recently, the technology gap between Facebook's 33-year-old founder and the well-seasoned senators on the dais was conspicuous. Utah Republican Orrin Hatch, elected to the Senate more than seven years before Zuckerberg was born, didn't seem to realize that Facebook ran ads on its site. When Roger Wicker of Mississippi asked a question that elicited a response from Zuckerberg about Internet "cookies," he was met with blank stares from several senators on the panel.

What did you expect? This is Washington, D.C., not Silicon Valley. Two years ago, a Government Accountability Office review of the federal government's technological systems uncovered shockingly outmoded equipment and software. The U.S. nuclear arsenal was under the control of a vintage computer system that used 8-inch floppy disks, along with a communication network using Assembly language code, developed in the 1950s.

Then there was the Pentagon's Strategic Automated Command and Control System, which, as the GAO noted, coordinates "operational functions of the United States' nuclear forces, such as intercontinental ballistic missiles, nuclear bombers, and tanker support aircrafts." It was being run in 2016 on an IBM Series/1 computer, a machine that was state-of-the-art when it was first introduced 40 years earlier.

In 2009, Zuckerberg described the philosophy he'd been imparting to his company's software developers in rah-rah language that provided a stark contrast to the tortoise pace of innovation in Washington. "Move fast and break things," Zuckerberg told his coders. "Unless you are breaking stuff, you are not moving fast enough."

By 2014, while on one of his periodic apology tours, Zuckerberg realized that this mantra was impolitic. He revised it. In truth, it was a pretty good working definition of the ethos that has reigned in Silicon Valley for a long time. Before "move fast and break things" came the quest for the "killer app." Before that, the Holy Grail was known in the Valley as "the Next Big Thing." Contrast such attitudes with the prevailing M.O. in Washington, where the approach to substantive change might best be described as "with all deliberate speed."

That wording comes from a famous Supreme Court decision, Brown v. Board of Education, in which the high court ordered the integration of America's public schools. They did this nearly 100 years after the Civil War ended. Even then, "all deliberate speed" took another 14 years before much of the South complied.

The radically different pace of innovation between government and private industry--particularly the tech sector--is not an academic question of rival cultures. It's a real problem, with blame in each camp, and it helps explain why the U.S. government has been slow responding to cybersecurity threats and why the techies have been so blasé about these weapons they've created.

When Arizona State University professor Braden Allenby explains how data mining and political consulting firm Cambridge Analytica used Facebook's personal information in the 2016 on behalf of Donald Trump's campaign, he invariably gets incredulous questions from the tech-savvy millennials in his class: Why didn't President Obama or the Hillary Clinton campaign do more to counter it? And how could Facebook claim that none of this impacted the election?

"The answer," Allenby says, "is that the cycle time of technological change--especially as cutting-edge behavioral economics, video technology, and AI-based big-data analytics using Facebook data came together with some playful Russian postmodernist KGB types--caught everyone by surprise.

"The difference is that the techies, who were used to that rate of change, got it," he adds. "The pols didn't."

The Central Intelligence Agency and National Security Agency use cutting-edge technology in their black box capers. As University of Illinois professor Robert W. McChesney mentioned in an email exchange with RCP, the Internet was created by the Defense Advanced Research Projects Agency, and Silicon Valley and private-sector tech companies elsewhere have "extremely lucrative" relationships with U.S. military and intelligence agencies.

"Some of our federal agencies have been, and are, bankrolling and encouraging these same disruptive technologies," McChesney noted. "DARPA continues to drive an inordinate amount of innovation [in areas such as] AI and robotics."

That said, the inability of the federal government to protect its own agencies from foreign hackers has been a national embarrassment, with potentially devastating consequences. Among the agencies in which personnel files were accessed in 2014 were the White House, the State Department, Department of Health and Human Services, and the Nuclear Regulatory Commission.

The next year was worse. In 2015, the Department of Defense was accessed by hackers, as were the computers of the Federal Aviation Administration, the Internal Revenue Service, and the Office of Personnel Management, which coughed up employee information on some 22 million current and former federal employees.

Earlier this year, nine Iranian hackers were indicted by the Justice Department for a hacking spree that went on from 2013 to 2018 and which broke into 144 American colleges and universities, nearly 50 private companies based in the U.S. and Europe, and five U.S. regulatory agencies, including the Labor Department, the Federal Energy Regulatory Commission--not to mention the United Nations.

"That type of criminal activity does not just cause economic harm," Deputy Attorney General Rod Rosenstein said in announcing the charges. "It also threatens our national security. Identifying and prosecuting computer hackers is a priority for the Department of Justice."

Digital communication wasn't supposed to go this way. DARPA may have invented the thing, but control of it was wrested rather quickly by "the community," as early users thought of themselves. And this community recoiled at the very idea of government oversight.

The pioneers of the Internet were not malicious. They were idealistic to a fault. But their own lack of malice blinded them to how easily their tools could be used by other users with nefarious intent. Or misused by tech companies founded by ambitious prodigies whose wizardry with software instilled a hubris so profound that the result was the destruction of the very concept of personal privacy, at least for users who availed themselves of social media, the Internet, or even email.

The subtext of recent congressional hearings, then, was comeuppance, which Mark Zuckerberg knew full well, as evidenced by his opening statement. But expressions of contrition are not going to be enough to satisfy Facebook's many critics. Sen. Lindsey Graham walked Zuckerberg through his paces, demonstrating that in any way that matters to consumers, Facebook is a monopoly. In a subsequent written statement issued by his office, Graham spelled out where he is going: "self-regulation" of tech companies in general, and Facebook in particular, clearly hasn't worked.

"Contrary to Mr. Zuckerberg's assertion, Facebook is a virtual monopoly," Graham added, "and monopolies need to be regulated."

Even those critical of Silicon Valley's heedless approach are skeptical that this is the answer. Braden Allenby's boss, Arizona State University President Michael Crow, said that using the regulatory tools employed against heavy industry in the early 20th century against a company that is essentially a data collection platform would be unlikely to work, and might make things worse. It's not Facebook's size that is the problem, it's its willy-nilly habit of sharing information, which wouldn't go away if Facebook were broken into pieces.

Facebook began, as Zuckerberg reminded the senators, on a college campus. With 72,000 students, Arizona State is a juicy target for digital hucksters, and Cambridge Analytica approached Crow three times before the 2016 election in attempts to get its hooks into the ASU community. Based on an uneasy feeling, Crow turned the company down.

But if the goal is bridging the cultures of tech and government, the way forward is not yet clear. "All technology can be used for good or for bad," Crow says. "Silicon Valley culture is powerful, but its concepts are too narrow. It doesn't think in a real-time way how its innovations can be misused, or how they should be applied."

Yet all the hubris doesn't flow from one direction. Twenty years before the Russians meddled in a U.S. presidential election, Congress defunded and closed the Office of Technology Assessment with the acquiescence of the Clinton administration. This $22 million agency was targeted by the Republicans' 1994 Contract With America. Many of those Republicans, and even more Clinton administration veterans, surely wish they could get a do-over on that vote.

The point here is that both cultures, Washington and Silicon Valley, could use a new mantra. It might not be sexy, but it could be more effective: How about: "Move fast--but not too fast--and fix things."

Carl M. Cannon is Washington bureau chief for RealClearPolitics.

Editorial on 04/22/2018

Upcoming Events