Cyber Security: Time for Us to Quit Spying On Ourselves And Be Ready for the Real Threats

Posted on November 21, 2014


In its quest to see all and know all about us, the government has made it easier for our enemies to do the same.

Here we go again: Admiral Michael Rogers, who heads the NSA, has just told Congress that China and “one or two other countries” could take down critical parts of our infrastructure in a cyber-attack. As CNN’s Jamie Crawford reports, the US has already found malware on various systems “that affect the lives of every American.” Pretty scary stuff, I think, and unfortunately, it isn’t new.

While I’m sure that Admiral Rogers is sincere in his concerns about foreign cyber-attacks, he needs to look to his own agency’s role in weakening our defenses. Yep, you read that right: the National Security Agency, which one might think was primarily concerned with national security, actually has a record of intentionally weakening our cyber-defenses for the sake of making it easier to spy on… well, just about everything, but that includes all of us.

Admiral Rogers’ announcement to Congress comes on the heels of media reports of spy planes that intercept just about everyone’s cell phone calls, but that’s only the latest in a long progression of information-gathering and hoarding by the US government. Anyone remember John Poindexter’s brilliant frightening Orwellian brainchild for the “Total Information Awareness” (TIA) database? This was his vision of a vast data-collection dragnet, proposed in the wake of 9/11, that would suck up everything from communications to travel itineraries to internet activity to bank and credit-card transactions. While TIA was later supposedly squashed due to Congressional unease, it seems that it never really went away. So here we all are, being trawled in a gigantic electronic surveillance net.

There is a big problem with this approach, and I don’t just mean the Constitutional issues (Fourth Amendment, anyone?). It’s also just not good intelligence collection, and it sure isn’t good national security.

First, there was (is?) the issue of cutting holes in our own cyber-security to peep through. Obviously, if the NSA can peep through these holes, so can our enemies.

Second, such a massive vacuuming up of everyone and everything’s data means that there is an enormous amount of background noise to sift through, and despite the fact that our intelligence services have bloated insanely over the past decade or so, we still have a finite ability to pick the real threats out of all that background noise.

Oh, sure, there are algorithms and keywords and automated sifting of the data looking for certain patterns, but no machine is perfect in matters of human affairs; there always has to be human intervention, human eyes watching, human minds judging. And the more Joe-Average-Public crap they vacuum up and have to deal with, the fewer resources they have to train upon our real enemies. You know, the ones putting creepy malware on our critical infrastructure systems.

This brings me to a related gripe, and that is that we automate way too much these days, gleaning little benefit but introducing all kinds of glitchy problems as well as raising the specter of possible cyber-attacks. There is too little manual back-up on too many critical infrastructure systems, and there are too few people who would know how to use them anyway. That is a mistake. Computers are not infallible: we have computerized drive-by-wire cars that occasionally go haywire; we have GPS navigation systems that give us unusable routes; we have malfunctioning voting machines that produce questionable numbers; malfunctioning airline computer systems strand travelers, while in the air, fly-by-wire systems sometimes endanger flight safety (to put it mildly).

Despite the demonstrated drawbacks, we do love our high tech. We continue to automate more and more of our environment, including our own homes. Our new house has networked thermostats, of all things. Why I would need to be able to adjust my thermostat from Timbuktu, I have no idea. As for networked security systems, no way. Check out how Russian hackers intruded into homeowners’ security systems in this article by Ruth Reader. The more that we are connected to any kind of network, the more vulnerable we are to such attacks.

So here’s a wake-up call: we all – citizens, managers of water-treatment plants and power stations, banks, stores, hospitals, 911 call centers, all of us – need to have old-fashioned, analog, non-electronic backups for everything important, from automotive steering to navigation to nuclear power plant control systems. I know I’m crying in the wilderness here, but it dates back to my military training in the waning days of the Cold War, when we were prepared to operate in a post-nuclear environment in which a lot of electronic stuff would have been fried. It would be a lot harder today with so much more of everything being computerized.

I have never been more impressed than when I was standing in line to check out at a hardware store when the power went out, and the cashier simply pulled out a carbon-paper receipt pad and a manual credit-card machine, and started checking customers out with pen and paper. Too few of us can do this in our own areas of expertise; there is only automation, or nothing. That is a recipe for disaster.

As for you, NSA, if you’re still cutting convenient little holes in our security for purposes of peeking at us – you should stop now, and pay attention to the real threats out there.