President Barack Obama’s plan to create a new Pentagon Cyber Command has privacy and peace advocates crying foul, as the administration forges ahead with efforts to protect the nation from electronic infiltration and preparations for potential offensive operations against adversaries’ networks, according to the New York Times.
The president pledged that the comprehensive cyber-defense strategy unveiled last month “will not — I repeat, will not — include monitoring private sector networks or Internet traffic,” but senior military officials say Obama’s assurances may be difficult to guarantee in practice, particularly in trying to monitor the thousands of daily attacks against U.S. assets that have set off a cyber arms race between the government and criminal hackers.
Much of the new command’s mandate will be fulfilled by the NSA, who intercepted the domestic end of international calls and email messages after Sept. 11, under secret orders issued by the Bush administration. This decision has already generated controversy.
According to the officials, because of the way Internet traffic is routed, there is simply no way to effectively conduct computer operations without entering networks inside the United States or traveling electronic paths through countries that are not themselves U.S. targets, arenas where the military is prohibited from operating.
The postmodern nature of the Internet presents an interesting set of questions: “How do you understand sovereignty in the cyber domain?” asked Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff and a chief architect of the new cyber strategy. How can the government protect personal privacy when American computers are hijacked by botnets and used against our own government?
While Obama continues to promise personal privacy protections, military officials say there may be a need to intercept and examine foreign email messages to guard against computer viruses or potential terrorist action. (Remember that email from the deposed Nigerian prince who needed your checking account number to get his money out of the country?) Security advocates say the process could be accepted as a sort of digital customs inspection, in which passengers arriving from overseas consent to have their luggage opened for security, tax and health reasons.
But the biggest difference between cyber war and conventional war is the timeframe. A first-strike missile attack would show up on Pentagon satellites and radar systems at least several hours before their payloads struck, but in the event of a cyber attack, we would only become aware of it after the damage was done. A major unresolved issue is how the military and the NSA could legally set up an early-warning system.
For example, incursions from Russia, China and Eastern Europe probing for glitches in the firewalls of corporations, financial institutions, and the Pentagon are rarely detected unless they are successful. So will the new Cyber Command become a digital Big Brother, or a digital mall security officer, observing, reporting, and asking loiterers to “move along, please.” Hopefully, it will be somewhere in the middle.