It’s a little late for a “Danger, Will Robinson” warning. The United States has a serious security problem in cyberspace. The government thinks more bureaucracy is the answer. It isn’t.
The Department of Defense, FBI and the U.S. Marshals Service all were hit last week by a computer virus resulting in partial shutdowns of their cyber systems, according to sources with knowledge of the situation. The Defense Department would not confirm or deny the virus, but the FBI and U.S. Marshals confirmed their problems to the Associated Press.
These are mere skirmishes in a larger war in cyberspace. The Pentagon spent at least $100 million defending against an untold number of cyber attacks within the past year. To address the issue, Defense Secretary Robert M. Gates plans to add a new layer of bureaucracy by establishing the National Security Agency as head of a new cyber command reporting to U.S. Strategic Command. Instead of increasing efficiency, this is likely to increase confusion in the already cumbersome defense and intelligence bureaucracies.
Air Force Gen. Kevin P. Chilton, Strategic Command chief, admitted in April that the U.S. military does not have a full grasp of the problem. The Pentagon isn’t even sure what machines are connected to the classified Defense Department Intranet. “We know we don’t have the answers and oftentimes don’t even know what the right questions are to ask,” he said of the military’s cyber-security problem.
According to Defense Department sources and documents prepared by the Office of the Secretary of Defense that The Washington Times obtained, NSA Director Lt. Gen. Keith B. Alexander will take over the new command while continuing to run existing NSA operations. It remains to be seen how much power he will have over Pentagon cyber policy.
Congress has its own ideas about how to tackle the problem. Legislation proposed by Senate Commerce Committee Chairman John D. Rockefeller IV, West Virginia Democrat, and Sen. Olympia J. Snowe, Maine Republican, mistakenly aims to establish the Commerce Department as the federal clearinghouse for information on critical cybersystems. The agency has no real expertise in the area. Another bill would establish a White House-level director of cyber policy to oversee all federal efforts. Coordination is essential, but so is lean, fast-moving response.
All these proposals share a common problem. They seek to address a fluid 21st-century information system with a bloated and outdated bureaucratic model. Creating new federal agencies to address a lack of interagency cooperation has proved less than effective in recent years, as the Department of Homeland Security and director of National Intelligence have shown.
The answer to ineffective bureaucracy is not more bureaucracy.