Cyber Security: Space Race of the 60s According to Cyber Expert Interview

This was written by Brynn Koeppen on Tuesday, June 30, 2009, 13:23.

Sami Saydjari, founder and President of Cyber Defense Agency and a former NSA fellow with more than 20 years in the field of cyber defense, spoke with The New New Internet regarding the future of cyber security. Comparing Obama’s new emphasis of cyber defense to the space race of the 50s and 60s, Saydjari also agrees with the President of INSA Ellen McCarthy in that  the private sector’s input is  crucial in solving the cyber problems of the US.  Saydjari applauded President Obama’s commitment to make cyber security a national priority and also reflected on the Bush administrations cyber security  policy. 

The New New Internet:  Will President Obama’s plan bring change to our nations cyber security and what will be the role of contractors in the private sector in the next couple of months or years?

Sami: The five elements of Obama’s plan are excellent. President Obama’s speech on cyber security and placement of it as a national priority was historic. I am elated by his speech.  My concern is that the national cyber coordinator appears to have insufficient power to accomplish the job. I am also concerned with a lack of specificity on how private sector is going to play into the Defense’s. For example, the private sector who owns the critical infrastructures such as electrical power, banking, telecommunications, oil & gas, what I think of as the hypercritical four, need to be intimately involved both in the planning and the execution of the defense of our networks against foreign incursion. There doesn’t seem to be a plan to involve them in detection and the repelling of cyber space attacks, something that is absolutely essential. There is a need for the development of a strategic cyber defense operations plan for multiple attack scenarios. It’s a strategic error not to have it.   It would also not be reasonable to ask the private sector to bear the entire cost of the defense; we have to find a way to subsidize this kind of involvement both from a planning and a protection infrastructure perspective. 

The New New Internet:  The Chief Security Officer of Oracle, Mary Ann Davidson, mentioned that the President should approach cyber security as America did with the Monroe Doctrine.  What do you think?

Sami:  I think it is a reasonable idea.  The notion of having consequences for cyber space incursion such as espionage and sabotage and having real consequences both diplomatic and military makes a lot of sense. I like Mary Ann’s analogy but I would draw an analogy more to America’s policies on the space race back in the late 50’s and 60’s. We have seen some very sophisticated activity by China and Russia in particular and I think we should view the activities that we have seen as a cyber Sputnik. We have a cyber space race that is ongoing.  We need to recognize that the competitiveness of our country rests on having a significant capability to defend and operate in cyber space in the same way that we needed to do back in the 50’s and 60’s.  I think we have not responded with that degree of vigor and vision that we did to the space race and that’s what’s lacking at the moment.

The New New Internet:  How should  private companies start preparing for the cyber security market?

Sami: Private companies should start thinking more strategically about their defenses.  There are lots of widgets out there; firewalls, virus detection tools but a top down strategic approach is lacking for the defense of the private sector mission.  They should be thinking about continuity of operations and cyber attack scenarios that could significantly interfere with their company’s mission and that could kill the company. They need to be more strategic in better investing their money for defending against normal attacks; standard criminals and organized crime.  They also need to need to understand their role and help the country defend itself in the event of an extraordinary attack.  They need to work with the government on models in developing the capability. 

the private sector who owns the critical infrastructures such as electrical power, banking, telecommunications, oil & gas, what I think of as the hypercritical four, need to be intimately involved both in the planning and the execution of the defense of our networks against foreign incursion. 

The New New Internet:  How does the Bush Administration’s cyber security attempt compare to Obama’s current path?

Sami: Back in February of 2002 right after the 9/11 attacks fifty leaders in the cyber security field including an ex-director of the CIA, an ex-director of the NSA, and an ex-director of DARPA all wrote a letter under my auspices to the President of the United States warning him of a strategic vulnerability and the need for a strategic plan to defend our country recommending a cyber Manhattan Project to begin immediately.  The Project was never started. The last twelve months or so the Bush Administration began the National Cyber Initiative. It was pretty late in the game and was insufficient. We still have quite a ways to go in planning and defending ourselves with the very good plan that Obama said in his speech. 

The New New Internet:  Can you talk about what cyber security should look like in five years? 

Sami: We need to do a national strategic cyber risk assessment because there is tremendous disagreement and argument about the gravity of the situation.  One can not come up with a good national strategy that is effective without understanding the problem. We need to settle the national debate. We can’t wait. The second step is to form a national strategy, one of the five key elements of President Obama’s plan. The one we have on the books is totally insufficient to defend against potential attack scenarios such as the ‘Dark Angel’ Scenario.  The third element needed is cyber defense capabilities.  If you look the nuclear threat, we have a warning line in Canada and the northern United States to take over launches.  We need to have a similar capability for cyber security. There will be multiple agencies involved in such a development and there needs to be orchestration from the White House.

The New New Internet:  What will be the role of the Cyber Coordinator? 

Sami: The role is going to be purely a coordination role as opposed to an orchestration and directing role.  They have no budgetary authority; bureaucracies will ignore this person because they have no real authority. I see this person as having a role trying to define the cyber security vision; I’m hoping they will appoint someone who has at least twenty-five years experience in the field. They are going to have several false starts, frustrations, it will take us a year or two and then people will realize that this position needs budgetary authority and direction authority. This coordinator could do a valuable service for the country such as creating a national strategic cyber risk assessment. Valuable work can happen with this coordination position but ultimately the Administration will have to invest with much more power than originally invested because it will be necessary to defend our country.