by David Silverberg
Monday, 01 November 2010
At NHDF symposium, the Light Brigade meets The Blob.
While one would-be terrorist was arrested for plotting to explode bombs on
the Washington, DC Metro and bombs were placed in parcels headed to the
United States from Yemen, far away in Colorado Springs, Colo., America's top
generals, the Secretary of Homeland Security and assorted other experts were
instead grappling with a phenomenon they couldn't define, deter or
defeat-the cyber threat.
An attendee at the annual 2010 National Symposium on Homeland Security and
Defense put on by the National Homeland Defense Foundation (NHDF), couldn't
be blamed for despairing for the future. If there had been conferences in
their time on "The Challenge of Mounted Barbarians to the Roman Legion," or
"The Prospect of Blitzkrieg and the Defense of France," the speeches, panels
and discussions would have likely sounded the same.
This one was titled "Setting Priorities: Solving future needs in Cyber,
Energy, and Critical Infrastructure" (capitalization and punctuation theirs)
and it was held from Oct. 27 to 29 at the Broadmoor Hotel.
Experienced readers have no doubt attended conferences like this one before.
The generals describe their commands, aided by a salvo of Power Point slides
but provide no genuine news or insight. Outsiders-usually academics or
industry executives--all describe the threat and its rapid expansion, duly
impressing the audience with its apocalyptic implications. All of this
descends in a cascade of data and information during very long days spent
sitting in one position punctuated by a few bathroom breaks and lots of
coffee to stay awake.
The overall impression left by this exercise was one of a thrashing,
flailing and befuddled industrial-age hierarchy desperately trying to fit an
amorphous phenomenon into its pre-existing categories and structures. It was
like watching The Charge of the Light Brigade versus The Blob. The
organizers no doubt didn't intend it this way but they could not have more
vividly exposed the inadequacy of America's largest security organizations
to the danger presented by iPhones, Blackberrys and Wi-Fi if they had tried.
Dale Meyerrose, a retired Air Force major general and currently a vice
president at Harris Corp., Melbourne, Fla., opened the conference by saying
that "cyber has provoked a lot of confusion about the possible, the do-able
and the probable."
No kidding-and the fog didn't lift over the next two days.
Nor was it as though the organizers hadn't put together some very high-level
talent: Homeland Security Secretary Janet Napolitano was there to do a
keynote and assure everyone that the department was doing its part to secure
cyberspace. Air Force Chief of Staff Gen. Norton Schwartz, surprisingly
academic in manner, did the same on behalf of the Defense Department. Maj.
Gen. David Senty, chief of staff of the US Cyber Command, and Rear Adm.
Michael Brown, deputy assistant secretary for cybersecurity and
communications at the Department of Homeland Security, added their weight.
Takeaway from all these heavyweights? Everyone is very serious about
cybersecurity. Very, very serious.
As for solutions, there were precious few.
A moment of light blinked on during one panel when Winn Schwartau, an author
and cyber warfare expert, put forward the idea that a "militia" model might
be the best means to counter a major cyber attack; i.e., that an army of
hackers, coders and developers might spontaneously mobilize to meet the
threat. That idea was roundly rejected by Samuel Visner, a vice president at
CSC, Falls Church, Va., who worried about the issues of command, control and
liability should such a legion of geeks take to the cyber streets.
That was about it for enlightenment. As usual with such conferences, one
could only conclude that we're all doomed but everyone is taking the threat
very seriously.
Solutions
I've always thought it unfair to criticize something without offering a
solution in return, so here goes mine.
Much of the difficulty evidenced in this conference was created by speakers
and officials attempting to fit a fundamentally non-military threat into
their familiar military frameworks. It was thinking inside the box to the
power of 10.
The concept of a cyber militia was at least a suggestion for a solution but
once again it was an attempt to work within a military metaphor.
I would suggest that a better metaphor is in the realm of disaster
response-after all, a cyber catastrophe would be a disaster on the order of
an earthquake or hurricane.
Since Sept. 11, 2001 we've seen several efforts to organize and train
citizen volunteers to render public service. There's the Citizen Corps on a
national level. In California, Gov. Arnold Schwarzenegger (R), recently
announced the formation of a Volunteer Corps. Schwarzenegger decided that
the natural inclination of citizens to aid and assist the afflicted during a
disaster deserved some structure and training and the Volunteer Corps was
born.
It would seem that in a cyber disaster a similar corps, given a modicum of
training and some standardization, could respond.
Most important would be the inculcation of shared values: Everyone in the
corps would have to pull in the same direction. A commitment to an open,
functioning and free Internet would be essential.
A Cyber Corps idea won't fit well into a formal military chain of command,
nor would it be neat and at times it would be disorderly but it would take
advantage of the inherently open and equal nature of the Internet to achieve
quick response and recovery in the event of a cyber disaster.
Based on the discussions and approach evident at this symposium, however,
that's not likely to happen any time soon.
The conference
As for the conference itself, it was smaller than in years past and
reflected the continued rocky road down which the Symposium and NHDF have
been going.
After outstanding conferences and trade shows in 2005 and 2006, the
Symposium has been declining in quality and value year by year. In its early
days it provided attendees and exhibitors with real value and was a
significant forum for new ideas in homeland defense.
Not only that, but NHDF seemed determined to be an intellectual force in
homeland defense. It sponsored a satellite conference at Georgetown
University and seemed on track to sponsor more.
But beginning with the 2007 Symposium it has been disappointing on nearly
all fronts and this year was no exception.
As far as the trade show was concerned, this year it only counted only 26
exhibitors and all of these were tabletops.
Clearly, NHDF, like everyone else, is struggling in a tough economic and
budgetary environment but it seems to be making little headway. It got big
names this year but produced little enlightenment. Case in point: On the day
after the DC Metro bomber was arrested Napolitano made no mention of it in
her speech and took no questions.
Analysis
When it comes to the cyber threat, it's clear that America's defenders will
continue to thrash their way forward but along conventional terms. It
doesn't give one much confidence in the future.
As in the past, the future of cybersecurity rests with millions of users
sitting at millions of computers. It's out there in the computer networks
that the threat resides, but in the inherently chaotic, democratic and
unstructured cyber world, it's also where the promise of a more secure cyber
world lives as well.
