Television shows exaggerate reality, but often the exaggerations grow from a seed of truth. Case in point: a recent episode of the FBI thriller “Bones.” One of the least plausible shows to depict an actual entity, “Bones” in this episode depicted 3D holographic forensic computer programs and a computer from the 1960s with vacuum tubes that’s (inaccurately) no bigger than a small refrigerator. It also featured a hacker character who has reprogrammed his surveillance ankle band and is on house arrest because he 1) managed to shut off the entire Defense Department network for three hours and 2) brought down the entire Senate cyber structure.
It’s a silly show (unlike the CIA-simulating series “Homeland”) yet it does contain a reality-related phenomenon, namely, a hacker who succeeds in negatively affecting federal networks.
But if Hollywood likes to play on fears that exist in the real world, then its writers should check out the latest report from the U.S.-China Economic and Security Review Commission. Basically, it depicts a possible doomsday scenario based on the growing cyber warfare skills of the People’s Liberation Army. As an aside, I was surprised to find, in a 1-2-3 Google search, that the PLA maintains a cheerful English web site not unlike Army.mil in tone and layout.
Anyhow, the Commission contracted its study to Northrop Grumman, which has a large federal cyber security presence. Its basic conclusion: “PLA leaders have embraced the idea that successful warfighting is predicated on the ability to exert control over an adversary’s information and information systems, often preemptively.” The authors say Chinese capabilities are sufficient to pose a “genuine risk to U.S. military operations in the event of a conflict.”
One way the Chinese are developing this capability is by sophisticated war-gaming that includes use of blue-team opposition teams to better simulate a real warfare situation. They’ve used this technique for six years, but in recent years have refined it to simulate long-range air raids. My comment: “Long range air raids,” as in, U.S. B-2 stealth bombers carrying massive ordnance penetrator (MOP) bunker-busters from Whiteman Air Force Base, Missouri, and dropping them on Iran? Just sayin’.
The Chinese cyber report doesn’t break astonishing new ground, but it’s a good, if acronym-choked, reminder of why cybersecurity occupies an increasingly important niche in all areas of commercial and governmental life.
Just as the Commission published its report, the Senate seemed to take a step forward, then a step backward, in getting out new legislation for cybersecurity in the 21st century. In issue 98 I wrote this would be the year of cybersecurity, thanks to the introduction of a long-in-gestation bill from the Senate Homeland Security and Governmental Affairs Committee.
Speaking about fights over the Surface Transportation Bill, the Senate Majority Leader plaintively asked, “Why can’t we do anything without a fight?” He might also have been talking about cyber. Shortly after the bill came out, a group of eight Republican senators led by John McCain came out with a counter bill.
The two bills have much in common, notably updating the Federal Information Security Management Act. They differ, though, on an issue sure to cause a long debate, namely, should the government regulate the cybersecurity practices of private sector operators of critical infrastructure, or not? So now it’s the Cybersecurity Act of 2012 (S 2105) from Lieberman, Collins, Rockefeller and Feinstein vs. the SECURE IT Act (S XXXX) from McCain, Hutchison, Chambliss, Grassley, Murkowski, Coats, Burr and Johnson.
The administration opposes the latter bill, even though early on President Obama said he did not favor regulation of the private sector on cyber. But the week before last, a retinue of national security and military advisors fairly marched on Capitol Hill to paint, behind closed doors, a lurid picture of what would happen if a major critical infrastructure was taken down in a cyber attack. The briefing may yet figure in an episode of “Bones.”