- - Sunday, April 14, 2019

ANALYSIS/OPINION:

On March 30, a Chinese woman named Yujing Zhang was arrested when she tried to enter President Trump’s Mar-a-Lago resort in Florida pretending to have been invited. When arrested she was reportedly in possession of four cellphones, two Chinese passports and a USB drive that was quickly determined to contain computer “malware,” the kind of software used by spies and computer saboteurs.

Ms. Zhang is almost certainly a Chinese spy, albeit one lacking in the skills that spies call “tradecraft.” Because she was stopped before she could employ her cyber weapons, her arrest sheds no light on the cyber security surrounding the president.

Some government officers and agencies are much better protected than others. We know from the “Cybersecurity Readiness Review” submitted to the Secretary of the Navy on March 4 that the Navy’s cyber security is a very dangerous mess. While the unclassified report paints a scary picture, I am told that the classified version is more frightening.

The report begins with the elementary fact that America’s strong economy is the foundation upon which our military strength is built. As we face competition from peer-level adversaries, our strength both economic and military is being robbed by cyber spies. It says, ” in the current struggle for global influence and dominance, U.S. economic strength has been materially eroded by years of tolerated, massive commercial Intellectual Property (IP) theft.”

Note well the word “tolerated.” Our toleration of these thefts of information have both diminished our future military advantage and has continued, ” all with little to no adverse consequences to the thieves.”

That has been going on at least since the 2003 Chinese “Titan Rain” cyber attacks on U.S. government systems.

The report found that future long-term American military advantage is being diminished by years of theft of intellectual property — classified and unclassified — from the Defense Department, the Navy and the defense industry on which we depend to sustain and advance the technological superiorities that enable us to win wars.

“There are many bad actors,” the report says, “but China and Russia in particular have focused their efforts in strategic ways and are executing at scale to achieve their objectives, while the U.S. remains relatively flat-footed, and is too often incapable of defending itself.”

The report castigates the Navy’s rigid structure, its apparent inability to respond quickly to cyber threats and is severe in its criticism of the Navy’s failure to coordinate cyber threat protection and readiness. That criticism extends to the Navy’s cyber coordination with its contractors which are often the victims of cyber intrusions that capture classified defense information including design and functions of our best weapon systems.

From the report, we know a lot about the Navy’s problems. The Army and the Air Force are not likely in much better shape. Why?

In February 2018, Adm. Mike Rogers, then the outgoing director of the National Security Agency and commander of U.S. Cyber Command, told the Senate Armed Services Committee that the agencies he had led could do much to harden cyber networks after they had been attacked. But to deter further attacks — and to respond to them with like attacks against the nations committing them — was beyond his reach.

Policy decisions such as a determination to counter-attack those nations that are spying on our government (and possibly committing cyber sabotage) have to come from the commander in chief. Real deterrence, Adm. Rogers said, would have to result from a “whole-of-government” response.

Whatever we are doing to detect and repair the damage caused by the attacks that are perpetrated against our government and defense industries every day is not deterring our attackers. Because tolerance is the opposite of deterrence, our adversaries have no reason to stop or even slow their cyber attacks against government, industry and even our political system.

According to the Navy report, because insufficient resources are dedicated to cyber security and because of the current scientific limitations on the detection of cyber attacks, the Defense Department and the Navy have limited understanding of the losses they are incurring. The report says that only a small subset of incidents is known and of those known, an even a smaller set are fully investigated.

We can do vastly better if we decide to do so. The answer is not just to throw money at the problem in the hope that more resources can do a better job. The answer is the “whole-of-government” response that Adm. Rogers called for that no one but the president can demand.

Mr. Trump should — with the help of the NSA, CIA and DoD — draft an executive order that ends our tolerance of cyber attacks and replaces it with the methods and means of imposing deterrence. Once that order is signed still more will need to be done.

The president should demand that Congress legislate authorities that will enable those agencies to respond in-kind to cyber attacks by nations and terrorist networks. The Democrats, who are so immersed in Trump-hatred they won’t deal responsibly with any national security threat, will deny the cyber emergency exists. Mr. Trump will have to add it to his 2020 campaign issues list.

Every day, we detect thousands of attacks and defeat many of them but fail to impose any cost on our attackers. Tolerance is the opposite of deterrence. QED.

• Jed Babbin, a deputy undersecretary of Defense in the George H.W. Bush administration, is the author of “In the Words of Our Enemies.”

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.

 

Click to Read More and View Comments

Click to Hide