Do We Need an Army of Hackers to Fight a Cyber War?
Despite all signs that America is facing an imminent cyber threat from state-sponsored global hackers – maybe something even on the scale of a cyber Pearl Harbor – we continue to plod along in rather nonchalant fashion. Those hackers might break into our Internet accounts, steal a few passwords and take down a few websites now and then, but they couldn’t possibly take down the nation’s power grids or financial markets, right? That’s apparently what Congress was thinking this month, when it had a chance to vote on a comprehensive new Cybersecurity Act that would have mandated tougher defenses for our nation’s critical infrastructure. Instead, Congress opted to go home for the summer.
But here’s a radical idea: America needs to create an army of hackers to defend cyberspace. And sooner rather than later.
To some degree, the National Security Agency, the Department of Homeland Security, the Department of Defense and military officials within the Pentagon have voiced similar notions. (Even President Obama has supported the idea of a stronger cyber-defense, most notably in a Wall Street Journal op-ed). Federal agencies are already recruiting at the nation’s top universities for new cyber-security talent and are even showing up at hacking conferences like DEF CON to make the case for working for the government. The NSA has proposed a working relationship with civilian hackers and businesses and has been supportive of a new hacking initiative called Defcon Kids, which aims to interest kids in a life of white hat hacking because it’s “cool”. At DEF CON this summer, the general who heads up U.S. Cyber Command went out of his way to praise today’s generation of hackers: “This is the world’s best cybersecurity community… In this room right here is the talent our nation needs to secure cyberspace.”
And, going beyond just the government, Google has taken the lead in offering to become a private sector “early warning” cyber defense system. With its intricate knowledge of how the world’s information travels around the Internet, Google has an up-close view of potential cyber intrusions. After all, as even the U.S. government admits – it has no way of knowing when foreign hackers are attempting to target our power grids or financial markets until it’s too late. That was part of the thinking of the (now failed) Cybersecurity Act of 2012, which would have required “critical” industries like energy, transportation and financial services to upgrade to military-style defense systems and share information with the government about potential attacks. Who better to know of a plan to take out Wall Street than the very financial services firms at the center of these financial markets?
Taken together, this mix of civilian hacker talent and private sector security know-how, would begin to comprise a loosely-coupled hacker army ready to defend America around-the-clock from their computers. Compare America’s laissez-faire approach to cybersecurity to that of China. The word on the street is that the Chinese are already starting to conscript similar types of hacker collectives for a potential cyber war. Foreign Policy magazine conservatively puts the size of China’s “hacker army” at anywhere from 50,000 to 100,000 individuals – and that’s in addition to whatever formal cyber-warfare capabilities Beijing has cobbled together.
At a time when the sheer volume of cyber-attacks against our nation’s infrastructure is growing at an unprecedented rate and the rumors continue to spread that state-sponsored actors are behind many of them, it’s not too early to think about creating an informal army of hackers to fight a cyber war. Better now than when the lights go off, the trains run off the tracks and the drinking water’s contaminated with toxic chemicals.