America’s security could vanish in a flash. That’s how fast the cyberworld moves.
With a keystroke, power plants and our electrical grid could be shut down, trillions in financial transactions could be lost, or defense systems could go haywire. Trains and planes could crash, traffic lights go dark, life-saving hospital equipment could be shut down.
Foreign powers employ thousands of hackers who have spent millions of man-hours probing and planning. Nobody knows what might be pre-programmed and simply awaits the press of an key.
In light of these rapid developments, it has become clear that key upgrades to our cybersecurity defense systems are a must.
After a full two-year lull due to legal challenges, the next level of federal cybersecurity is finally getting underway. Called DOMino (for “development, operations, and maintenance”) it will merge the entirety of federal civilian cybersecurity into one coherent system, ending the scattered and conflicting programs now used by hundreds of different agencies. DOMino is under the Department of Homeland Security, adding to its “Einstein” detection system, which launched in 2008 to implement a National Cybersecurity Protection System mandated by Congress.
The $1.1-billion DOMino contract was awarded in Sept. 2015 to Raytheon, but a series of competitors’ protests and legal challenges kept it in limbo until the Government Accountability Office dismissed all the challenges in Oct. 2017.
Certainly, good government requires oversight, but our system is deeply flawed when a crucial element of national security can be delayed for two years.
Meantime, we’ve seen plenty of proof why such delays are deadly.
This month, we learned that Russia stole secrets from our National Security Agency — the very heart of U.S. intelligence systems. The theft happened in 2015, but only now has been revealed. We lost our secrets of how the U.S. defends against cyberattacks plus our methods for penetrating foreign computer networks.
Who knows what other national secrets are possibly being stolen today, but which we may not uncover for another year or two?
It could be like China’s phishing and hacking attacks, which pilfered the stealth technology we developed for the F-22 and F-35 fighters. This led to China recently unveiling its first stealth fighter, the J-20.
Perhaps the threat is greatest from North Korea, which has thousands of military hackers working tirelessly to penetrate critical American infrastructure and to be ready to disrupt them upon command.
Our adversaries are sophisticated. They don’t attack computer firewalls blindly. They identify individual persons who might be compromised or unwittingly provide a backdoor into our most-secure systems. Thanks to gigantic thefts of personal data, they can identify the names and even the home computers of persons at jobs with high-level access to sensitive material. Targeting home computers may let them download data or find clues to penetrating the employer’s systems.
Thefts of personal data involve much more than identity theft for profit. With the right computing power and software, which foreign intelligence agencies possess, they can sort, match, and data-mine vast amounts of data from major hacks such as these recent breaches:
Three billion Yahoo! email accounts
Equifax’s personal financial records of 143 million Americans
Personal data of 80 million Americans, kept by the federal Office of Personnel Management
40 million shoppers at Target
A treasure trove of corporate financial records hacked from the EDGAR filing system at the Securities and Exchange Commission
28 gigabytes of defense data left on an unsecured public website by a defense contractor
It was by identifying and targeting a key person that Russia stole secrets from the National Security Agency. That person had Russian-made Kaspersky software on his home computer, to which he had improperly copied NSA files. Rather than protecting his home system, the software made it vulnerable, enabling Russian spies to download NSA secrets.
Is it any wonder that Kaspersky software is now banned from all government computers? As the Wall Street Journal headlined in October, “Russia Has Turned Kaspersky Software Into Tool for Spying.”
We can only wonder whether some of the federal data breaches of the past two years might have been avoided if DOMino had not been delayed by bureaucratic red tape. The decision to move forward with this contract demonstrates this administration’s commitment to combat the very real cyber threat. It’s certain that we cannot afford any further delays; we need this extra protection, and we need it now.
Former Rep. Ernest Istook, R-Okla., is a contributor to the Washington Examiner's Beltway Confidential blog. He served on the House Select Committee for Homeland Security.
If you would like to write an op-ed for the Washington Examiner, please read our guidelines on submissions here.