Question: What does progress toward U.S. cybersecurity have in common with a package of week-old Swiss cheese?
Answer: They're both riddled with holes, and starting to stink.
Say "cheese," Mr. President
As a candidate, Barack Obama said his party's priorities included improving America's electronic warfare capabilities and shoring up its cybersecurity. Within weeks after winning the election, the Center for Strategic & International Studies (CSIS) did its part for the president-elect by laying out a roadmap for how we could get to Point B (national cybersecurity, both public and private) from Point A (cyber ... insecurity).
Building on the Bush administration's $15 billion Comprehensive National Cybersecurity Initiative, CSIS argued in favor of improving the cyberdefenses of both government and private companies, ensuring that Internet access to water utilities, electricity, telecommunications, and other critical infrastructure would be safe from foreign malicious code. Defense hawks and defense investors, cheered. But what came next?
All talk, no action? If only.
For the most part, nothing happened. Nothing good, at least. Reports began to surface that more than 18,000 cybersecurity breaches had occurred within the federal government in 2008 alone. Chinese hackers allegedly broke into computers at Lockheed Martin (NYSE: LMT) and several of its key subcontractors, brazenly making off with reams of technical data on its new superfighter, the F-35 Lightning II. And of course, there was the laughable incident of the Iraqi and Afghan insurgents who used a $26 software program to compromise secure transmissions from our unmanned aerial vehicles in combat.
These stories faded away with little comment from the administration. Until now.
Finally, a little talk
On Thursday, the government finally revealed some information about its grand plan to combat hackers: Meet project "Perfect Citizen." Under the direction of the National Security Agency, the government intends to deploy special sensors throughout public and private computer networks with the aim of detecting "unusual activity" indicative of a coming cyber attack.
NSA has already awarded a $100 million contract to cyber-expert Raytheon (NYSE: RTN) to begin Phase 1 of the program, and other companies are already gearing up to join the gold rush. Government contracting stalwarts Northrop Grumman (NYSE: NOC), L-3 Communications (NYSE: LLL), and SAIC (NYSE: SAI) already have cybersecurity divisions up and running. Privately held Keyw Corp. filed for an IPO just last month. Yesterday, the very same day the administration announced "Perfect Citizen," Boeing (NYSE: BA) let slip that it's beefed up its own cyberoperations with the purchase of privately held Narus. (What great timing.) It seems the government is finally ready to open up the purse strings and get serious about fixing a serious threat.
It's about dang time
I think it's about time. So does the Pentagon. (One military official called Perfect Citizen an idea "long overdue.") I suspect that if you asked Google (Nasdaq: GOOG) -- subjected to a massive Chinese hack-attack in January – it would say it's about time the government "did something" as well.
Privacy advocates, of course, will disagree. You can expect a hue and cry about "Big Brother" invading our privacy. But what little we know about the program suggests this fear is more molehill than mountain.
For one thing, the system is described as being not "persistent" -- suggesting it would only be activated in the event another source warned of a cyberattack. For another, a system designed to prevent hack-attacks seems unlikely to violate privacy of correspondence, per se.
Most such events in recent years have taken the form of denial of service attacks, attempts to gain access to secure networks, and similar "010101 code-based" activity. If that's all NSA is on the lookout for, it's unlikely they'd use it as a pretext to track your book purchases on Amazon, monitor how much time you spend on Huffingtonpost.com, or read email from your Aunt Maude, updating you on the health of her hemp farm. The PATRIOT Act, this is not.
That said, I fear the government isn't helping its case with the details it's released so far, or rather, the details it has not released. Raytheon's contract, for example, was stamped "CLASSIFIED." Officials at NSA and Raytheon declined to comment when asked by The Wall Street Journal to elaborate on just what Perfect Citizen entails.
A modest, Foolish request
So far, all we really know has been gleaned from an internal Raytheon memo, which confides that "Perfect Citizen" aims to "secure Infrastructure critical to our National Security." Well and good.
But at the risk of sounding hopelessly libertarian, I really do hope the government tells us more about this program's aims, and soon. The more we know what NSA's ether-bugs will not be listening to, the more willing Americans should be to accede to it. The more we know what "Perfect Citizen" does do, the better we can guess which companies are best suited to implement it, and thus which to invest in.
