President John F. Kennedy’s 1961 call to put a man on the moon and return him safely to earth was risky. He put an incredibly ambitious stake in the ground, and in July 1969, there was a U.S. flag planted on the moon. Today we face a different challenge. Cyber attacks are pervasive and real, running from pernicious email hacks to dangerous intrusions of power grids, financial systems, and even our military’s weapon systems. A bold call to action is needed.
Malicious actors have intruded, spoofed, and even shut down unclassified email systems at the Pentagon, State Department, and White House. Recent email hacking at the Democratic National Committee highlights the real possibility of foreign entities playing a mischievous role in the U.S. presidential election.
Dozens of U.S. companies have suffered data breaches. The North Korean government hacked Sony Pictures in 2014, revealing confidential company information. At other companies, such as Target, compromises of customers’ credit information have led to multimillion dollar losses. The suspected Chinese hack of the Office of Personnel Management resulted in the loss of personal data of more than 22 million U.S. government military, diplomatic, and intelligence employees worldwide. A December 2015 cyberattack on the Ukrainian power grid, ostensibly by Russian operatives, left 230,000 Ukrainians without power in cold, winter darkness.
After the Ukraine incident, the Department of Homeland Security and the Federal Bureau of Investigation began a far-reaching effort to inform U.S. electric utilities of similar threats. The Director of the National Security Agency (NSA), Navy Admiral Michael S. Rogers, referencing the cyberattack on Ukraine, said, “It is only a matter of the ‘when,’ not the ‘if’—we’re going to see a nation-state, group or actor engage in destructive behavior against critical infrastructure in the United States.”
Banks and stock exchanges also have been the targets of cyber attack. Criminal hackers recently penetrated Bangladesh’s central bank and fooled the Federal Reserve Bank of New York into sending $81 million to fraudulent accounts. Chairperson of the Securities and Exchange Commission, Mary Jo White, has stated cybersecurity is the biggest risk facing the financial system.
The U.S. technological edge is a constant target for cyber espionage. Adversary nations are stealing our intellectual capital to cut their own research-and-development costs and time. In March 2016, a Chinese businessman, Su Bin, pleaded guilty to conspiracy to hack U.S. defense contractors and pass sensitive military aircraft data to China. Intelligence officials described this incident as “a drop in a bucket that keeps getting bigger every year.”
There is a widespread belief that NSA’s cyber lead is so great that potential adversaries are at a long-term disadvantage. Yet NSA hacking tools recently have been reported mysteriously appearing on-line, potentially providing a quantum capability leap for other nation-states, cyber criminals, and even terrorists.
In response to growing cyber threats, the Obama administration has developed a series of piecemeal policy prescriptions. The President’s Cybersecurity National Action Plan, released earlier this year, continues to focus on directives to federal agencies, while touting the plan as the “capstone of seven years of determined effort by the Administration.” In April 2016, the White House announced its Commission on Enhancing National Cybersecurity, which seems a prudent, though tardy, step. Its charter is passive, calling only for “recommendations on actions.” The plan is late, bureaucratic, and no clarion call for action.
The time for small steps is past. To address the cyber threats to our nation, we must take a lesson from President Kennedy’s galvanizing challenge to put an American on the moon. The U.S. space program was led, not by the White House staff or existing federal agencies, but rather by a well-funded, extragovernmental organization that was able to move quickly. In a similar vein, today’s national cyber effort must be led by a strong, widely recognized leader, not a White House “special assistant.”
A “cyber moon shot” should be a true bipartisan initiative. If properly funded, it will draw the best leaders and ideas from academia and industry. The Apollo space program cost approximately $200 billion in fiscal year 2014 dollars. The Obama administration’s current $19 billion cybersecurity proposal, spread across multiple departments and agencies, pales by comparison.
It is time to plant another stake in the ground. Our next President should emulate Kennedy’s vision and lead the nation to solve our cybersecurity challenges by the end of this decade.