Michael Chertoff, who was Homeland Security secretary under President George W. Bush, provides his outlook for the cybersecurity industry in the Nov. 18 issue of Bloomberg Businessweek. Chertoff, the chairman and cofounder of the Chertoff Group in Washington, a global risk adviser, is one of the featured speakers at Bloomberg LP’s inaugural “The Year Ahead: 2014” conference on Nov. 20-21 in Chicago.
What big threats are we facing?
Chertoff: Cyber. We have seen malicious tools found in our critical infrastructure. For example, there have been announcements about finding these tools in our natural gas pipeline. Where does it come from? Activist groups, potentially from countries or sympathizers of countries like North Korea or Iran. The second issue is a very dangerous situation in the Middle East. There is a possibility that the violence in Syria and Iraq is going to embroil the region.
What is the right course of action?
Chertoff: I wish we could press the rewind button and go back a few years. We had left Iraq in a relatively stable situation, but then we left. And that opened the door to a resurgence in violence.
Had we a year ago gotten more engaged in supporting relatively moderate opposition leaders in Syria, we might see a pathway to a resolution. Those opportunities have passed. Another strategy is to disengage, and that seems to be where we are headed. The problem is that we leave a vacuum. We need to develop a strategy for sensible engagement.
What about defense spending?
Chertoff: It looks increasingly like we’re going to have sequesters next year. But the way in which it is done across-the-board means you can’t be strategic about how you do the cutting. If you were going to be strategic about where we need to invest, obviously cyber, the ability to collect intelligence globally and to analyze and operationalize, remains very important. I want to make sure we’re continuing to invest in our navy and our air force, as well as our special operations and intelligence capabilities. I fear that the current budget constraint comes with the politics that make it impossible ever to close unnecessary military bases or perhaps cut back on military pay increases.
How much of cybersecurity is handled by the private sector?
Chertoff: A lot. The government does have some unique capabilities in the cyber area. The government’s ability to collect intelligence is a way of being able to warn our critical infrastructure about threats. This is a case where the government can’t protect all the critical infrastructure itself.
Could the Edward Snowden controversy impede the government?
Chertoff: It’s a real nuisance in terms of getting things done. The things that are now being released, and people are hyperventilating about, are leading to confusion or misunderstanding or sometimes deliberate distortion. It’s distracting us from being able to protect ourselves.
What do you see as the most disruptive force for the industry?
Chertoff: The budget uncertainty and lack of planning. Even some of the administrative things that have to happen to continue contracts or keep people working get disrupted by the government shutdown. If every three months there is a threat of a train wreck and everybody has to put their pencils down, nobody is doing the planning. It’s a waste of money.
Do you see the Department of Homeland Security remaining in its present form?
Chertoff: The basic outline of how the department proceeds is likely to be the same in the foreseeable future. I think it will be more investment in and emphasis on cybersecurity, because DHS ought to manage cybersecurity, obviously with the support of the Department of Defense and NSA [National Security Agency]. We have to be careful not to assume that because we’ve successfully prevented major attacks that the threat has gone away. We have deterred adversaries and terrorists because they think there’s a high risk of failure. So instead they go to Nairobi, and they kill people in shopping malls.
The next generation of terrorists — because it’s hard to do a large-scale attack — will focus on cyber-attacks, which you know they can carry out without being physically present, or on trying to recruit people in the U.S. to do Nairobi-style attacks. We have seen some examples of that: the Boston Marathon. They haven’t been carried out with a lot of skill so the impact has been bad, but it hasn’t been catastrophic. You’ll see continued emphasis on training and helping localities. That’s tough in a difficult budget environment, but important.
What will we be talking about in 2014?
Chertoff: The topic we don’t discuss a lot, and I hope we don’t wind up discussing it next year, is the possibility of a biologic attack. In 2001, with the anthrax attack, he killed people, but it was relatively limited. If he had chosen to put the anthrax in a New York subway, that would have been a much more catastrophic event. Unfortunately, there are people who do have that ability. That’s an area where we have underinvested. There are things we could do that are relatively simple.
What are they?
Chertoff: If someone weaponizes a biological agent, it’s very hard to keep it out of the country, because you could carry it in a vial. The good news is in many of the things we worry about, we have countermeasures. The problem is we stockpile them. The time it would take to distribute them is too long, and we would miss the window of opportunity to counteract these weapons by injecting people and giving them the pills.
The solution, as we said some years ago, was to predistribute them — if not to individual families, at least to every schoolhouse, firehouse, city hall in the country. That has not been done, because bureaucratically — I believe it’s the FDA [Food and Drug Administration] — believes that you shouldn’t dispense them unless people see a doctor first. By the time they see the doctor, they’re going to be dead. So this is a case where a business-as-usual approach to regulation is at war with common sense.
Since you’re immersed in this day in and day out, has it made you more nervous?
Chertoff: It doesn’t weigh on me personally, but I get frustrated when I think that the areas where we’ve made progress, we run the risk of backsliding. Anybody who believes it’s time to move on to another topic is not living in the real world.