The virtual battleground
The President has signed a directive, exact contents still unknown, to authorize NSA to monitor the Internet against cyber-intrusion. The Washington Post reports:
President Bush signed a directive this month that expands the intelligence community's role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies' computer systems.
The directive, whose content is classified, authorizes the intelligence agencies, in particular the National Security Agency, to monitor the computer networks of all federal agencies -- including ones they have not previously monitored.
Published reports suggest the directive is merely an assignment of responsibility to the NSA to take the lead in this area. "Until now, the government's efforts to protect itself from cyber-attacks -- which run the gamut from hackers to organized crime to foreign governments trying to steal sensitive data -- have been piecemeal."
But the $64,000 question is whether the directive is the opening shot in attempts to expand the scope of Internet surveillance as well. The backdrop of the classified directive is a much wider policy debate over the extent to which information defenses should be erected around America. The Wapo story continues:
The initiative foreshadows a policy debate over the proper role for government as the Internet becomes more dangerous. Supporters of cyber-security measures say the initiative falls short because it doesn't include the private sector -- power plants, refineries, banks -- where analysts say 90 percent of the threat exists.
This debate first hit the public when Director of National Intelligence Mike McConnell told the New Yorker that America was under constant and growing cyber-attack. Tom Donahue of the CIA then alleged hackers had already penetrated a number of power systems outside the U.S., and Alan Paller of the SANS Institute, a crisis-center organization for hacked companies, claimed "hundreds of millions of dollars had been extorted" from online gambling sites, e-commerce sites and banks.
In the face of such a threat, McConnell wanted a broad power to monitor Internet activity in order to defend American information networks. Not everyone was willing to accept this grim assessment. Bruce Schneier, a well known expert in cryptography and information security, thought Donahue's and Paller's narrative was full of "rumor" and "hyperbole". There were threats, no doubt, but Schneier wanted "a little bit more information" before deciding whether the surveillance powers McConnell demanded were justified by the severity of the intrusions.
Expect this issue to come to the forefront of the debate as the broader cyber-security plan is presented to the public.
The idea of cyberwarfare has become mainstream. Why it's even on the news. A group called Anonymous is threatening its enemies. Beware.
Did you like "Alien Versus Predator"? How about Anonymous versus Scientology? And how long before we see the Internet Haganah Versus the CyberJihad? Oops. That match has been running for a long time. And ... just in. Denial of service attacks on Scientology sites are being reported ...
What are the odds the hue and cry over the danger of Internet threats and Anonymous are unrelated? I considered the question and concluded that I just don't know. The dangers of cyberwarfare are objectively serious, but how serious? We now live in a time when memetic warfare -- creating ideas which have physical effects -- is no longer a figure of speech. In the beginning was the idea. And the idea took shape.