CACI's Dr. Jack London on WikiLeaks, the Insider Threat and Defining Cyber War

The New New Internet: There's also the issue of how about medical records. What if all those were made available to the public?

Dr. Jack London: There you go. And when I said, ‘the tip of the iceberg,’ I think you're now beginning to get your hands below the waterline and share with me, at least from our short conversation here, a little perspective. There's a whole domain of private, privileged–is it secrets? Perhaps not in the national security sense, but it's certainly private information to the individual. Another thing I want to make a point of, I'm a great believer in the rule of law. I have seen worlds. I've been around the world three or four times in my life, and countries where the rule of law is a ‘wink, wink’ and sort of swept aside. And the great enormous strength of this country and the value of it, as a leader in the world, is our rule of law. Oh, by the way, it's only protected by the men and women in uniform that protect the rule of law, which gives you and me the freedom to converse and have our opinions and be able to express them publicly and freely. That's not a given. There's nothing automatic about our ability to do these things. In fact, I would venture to say that in four or five decades the whole thing could flip, if we're not careful. There's some handwriting on the wall about what's happening in the Far East in terms of economic power and growth and the technological ware with all. You probably saw that Secretary Gates, in my opinion, was rather embarrassed by some of the things that came across in his visit to China. In fact, I will submit to you, embarrassed on purpose. I would submit to you, as an observer of these processes for many decades that that was all done on purpose, and it was a beginning to test and probe the efficacy and the resolve of our defense establishment, our national security and, quite frankly, the president of the United States. That's not a political statement, Camille. That's an observation from many years of experience.

The New New Internet: How do you find the balance between the public's right or need to know and the protecting of national security secrets?

Dr. Jack London: That's a tough one. I heard that you were interested in that, and it is a tough one. I have to go back to the rule of law idea. The national security is–does have statutes that control it. And I think the Supreme Court's not been challenged.  Those statutes have not been challenged effectively by the Supreme Court, so they are the rule of law. I guess I'm just kind of repeating myself here. I'm a rule of law person and if the rule of law says that the release of security-classified documents is against the law, then that's where I am. If the Congress and the Supreme Court deem some other fashion, then that's probably going to be fine with me, too, but I don't think you can kind of say, ‘Well, there's this need to know, so it's okay for WikiLeaks to put stuff out, because the public needs to know this stuff.’ It's a judgment that–and who authorizes? Who says and permits Mr. Assange to release all this stuff? Why does he think he has the authority to render a judgment about what is in the best interest of the people of this world, or the American people or national security?  He has no right to do that anymore than anybody else. And so, you get back to the rule of law issue. I'm a very strong believer in the rule of the law in the sense of the First Amendment, freedom of speech. You were thinking about the national security and secrets and need to know, it reminded me of the enigma machine. Code-breaking technology of the second World War. I believe I could argue persuasively that the public did not have a need to know about the details of the enigma machine, how it worked, how its algorithms were put in place eventually there in Great Britain, but it made all the difference in the outcome of the war.  God knows how many American soldiers' lives were not lost because of our ability to crack that code. In fact, I would argue that the public didn't even need to know there was such a thing as that project. Some people say, ‘Ah, Jack, you can tell them about that project because even the Nazis and the Germans would know. They'd be smart enough to figure out we're trying to break their code.’ Well, I got news for you, I wouldn't want to confirm or have anybody confirming that we were trying to do it. So, I'll just start with that argument, because I think it's obvious and clear that the public didn't need to know that. In fact, I would argue, I think, fairly persuasively that the public didn't even need to know that such a project was going on. In fact that was the secret, as we know now, of course, looking back.  So, that'd be my illustration of getting ones arms around the notion of need to know.

The New New Internet: Here's another million-dollar question: How do you prevent leaks?  In the WikiLeaks case, everything came down to an insider threat. But, overall, how do you prevent leaks?

Dr. Jack London: I'm familiar with the details, or, at least, I'm familiar with some of the details. I think the prevention of illegal release of classified documents and material is the same kind of challenge as the spies, moles that we've had in our society before.  That we have a fairly good history of counter espionage and counter intelligence activity in the security community and the national intelligence community. We've had some terrible, terrible violations of the sale of truly government national security military secrets to the Soviets, as you undoubtedly recall, and some things that were even sold to the Israelis or provided to them. I'm not sure that the notion of a 100 percent protection is even feasible, let alone something that can be addressed. That there's two big pieces of this, two categories of consideration. The first of which is a technological prophylactic technologies and capabilities. And then the other is what I'll call the procedural or protocol aspects of it that have to do with personnel management. I'm not the author of this, but somebody says it's the difference between neurons and electrons. Neurons being the, what goes around in people's heads, and electrons, what goes around in the machines. And it is in the sense of two major aspects of the problem. The knowledge I have, or information I have that I've read and been briefed on from time to time are people tend to believe with considerable conviction that the technological side of it is not the significant challenge that there are technologies, capabilities, systems, mechanisms and so on that would give you tremendous security protections, almost always on a tailor-made basis, by the way.  The notion of one device that will magically–the magic pill idea that to take all your risk away technologically with a magic pill is probably not even a realistic concept, but solutions can be developed–technological solutions. But, if you have the intent, indiscretion, violation intent on the party, your staff or your people in any way, you got a hell of a problem. You have to revolve around or go back to the notion of screening, of compartmentalizing information or access maybe, access codes that have to be rotated. You have to have a more elaborate mechanism, protocol, process, procedure, if you will, on the people side of the issue. There needs to be some conceptual way where you have to have a two-key solution.  If you're familiar with the intercontinental ballistic missile force:  The United States force both in the submarine and the land silos, you had to have two people that had keys to arm the systems, and you couldn't have one guy do it, because the systems were far enough apart. You had to have two different keys and two different stations, and they had to be turned in a fashion that would arm the system. We have to have, what I'll call, more like fail-safe mechanisms in the procedure side of it, the policy side of it than we do today. And those things can be developed. In fact, I would say probably here in the Northern Virginia area, there will be companies focusing on those kinds of solutions. In fact, CACI International certainly is, I believe, a thought leader in the cybersecurity area. We have a cybersecurity laboratory we put together, for example. And we're out with a symposium. In fact, we have one, Camille, going up here on the first of March, [“Countering Cyber Challenges to the Industrial Base.”] It's going to be held downtown at the Carnegie Institute, and we'll have a full day of a series of panels and so forth.

The New New Internet: Is that open to the media?

Dr. Jack London: I regret that it will not be. I was hesitant in mentioning. I certainly appreciate the opportunity to visit with you, but it will be U.S. citizens’-only type of invitation only type of thing. But, we expect a turnout of those individuals that have the interest to keep educating themselves, if you will. It's a public service thing that we do these things from time to time in an effort to stimulate dialogue. We don't have a shtick, so to speak, in this issue, but we do have an interest, both as a professional organization, but a citizen of this community and this world to see that these things are handled.  And we have the capacity to address them and stimulate or kind of debate. The result or the outcome of our symposium–I think that's what we're calling it. Anyway, it's of our day-long dialogue will be a report and recommendations, which we have done in the past for some of these.  This will be our fifth. I don't know if you have any interest, but we could certainly forward to you the reports from the symposiums starting back in 2008 when I kicked off our first one.  One of our outside board of directors gentleman, Dr. Warren Phillips, and I kicked off an asymmetric threat series of symposia, and this is the fifth in that series. 

The New New Internet: Yes, definitely.

Dr. Jack London: We'd be delighted to do that. These obviously are unclassified public information. In fact, one of our objectives is dissemination of the output of these symposia, so people, again, can be informed and begin to develop some ideas of how we might handle some of these really national challenges. I have been known out here to speak in terms of this being a very dangerous world. I see it very chaotic. It has a very different modus operandi. It has a different style to the challenges than we've seen in the last century. In fact, dramatically different. And we have not yet, in my opinion, developed a notion of how to effectively treat some of these or address them. It's something we've really got to figure out, because we're spending an awful lot of money trying to do so, and I think in good faith, but we've got to be more productive in coming to some sharper edged solutions in some of these areas, in the cyber warfare, cyber security area, all of WikiLeaks, etc. is formidable because of the implications and omens for the future. Not WikiLeaks by itself per se. If it was a one-time deal, it would be bad enough, and we could apologize and perhaps some people would lose their lives, but it is an indication of how dramatically out of kilter things can become because of the Internet technology and the way to disseminate on a global basis.

The New New Internet: Do you think there will be more WikiLeaks-like organizations that will spring up?

Dr. Jack London: From the copycat side, I think it's entirely realistic to think in those terms. The funding and backing for these things can come from all kinds of sources, from organizations that are intent on focusing on competitors, if you're in the commercial domain. And in an anonymous fashion, they can come from a small organization that can be funded by nation states on a paramilitary basis to attack other countries. In fact, we've got some material out about China in the midst of writing another article doing some research about the Chinese cyber threat.

The New New Internet: They're really busy over there, developing cyber capabilities.

Dr. Jack London: Well, as I was trying to express and share with you, Camille, I believe it's a significant challenge. I'll be generous and say, we're lagging behind. I won't say we've lost the game. By the way, I want to make a note that I believe the United States has a formidable cyber-warfare capability. I won't go into any more detail, and it's not because I'm talking secrets here. I just want to make that statement that I'm knowledgeable and believe that there is significant capability. There are some nation states that are very active in this area. As you know, Russia and certainly the Israelis and China have been coming on very strong. I'm personally doing an article on the Chinese cyber threat, hopefully, for some media publication here in the not too distant future in the spring. It is formidable and it's serious. And I think sort of ignoring it is frankly dangerous for us.

The New New Internet: Dr. London, those were all the questions that I had. Is there anything you would like to add?

Dr. Jack London: Well, I would say that we're dealing with issues that aren't defined yet sufficiently. The issue of the rule of law, the first amendment and the implications therein pertaining to national security are indeed significant, important and frankly must be addressed at a national level through proper debate and perhaps legislation.

You may also be interested in...

GSA Eyes “˜On-Ramp' Solicitation for OASIS Small Business IDIQ's Six Subpools

The General Services Administration has announced plans to issue a solicitation as an on-ramp for the six subpools of the One Acquisition Solution for Integrated Services Small Business contract vehicle. GSA's Federal Acquisition Service said in a presolicitation notice published Friday that it expects to award 30 contracts for subpool 1, 20 contracts for subpool 3 and eight each for subpools 2, 4, 5B and 6 of the OASIS SB indefinite-delivery/indefinite-quantity contract.

SSL to Design Methane Emission Detection Satellite; Richard White Quoted

Maxar Technologies' SSL subsidiary has received a contract from Environmental Defense Fund to design and define requirements for a small satellite designed to detect and monitor methane emissions from oil and gas facilities worldwide. MethaneSAT is a small form-factor satellite that will work to provide high-resolution images to help detect and measure low- and high-emission sources in regions that constitute more than 80 percent of global production of oil and gas per week, Maxar said Thursday

Booz Allen's Sarah St. Clair on Lessons Learned From HR Tech Upgrade Project

Sarah St. Clair, vice president responsible for human resource services at Booz Allen Hamilton, told Diginomica in an interview published Tuesday about the company's experiences and efforts to address challenges associated with upgrading its HR technology system. St. Clair discussed Booz Allen's move to execute the Workday project to manage recruitment operations and mentioned some of the actions the company made to mitigate negative impacts associated with project implementation.