If you think it’s the role of the U.S. government to provide and enforce cyber security, be warned:
“The cavalry isn’t coming,” according to recent remarks by retired four-star General Michael Hayden. Rather, he said, private industry is filling the void.
“I believe that, in the cyber domain, the main faction that will protect us is not the government. It’s industry,” Hayden said in November at the Ingram Micro ONE conference in Las Vegas.
As the former director of the Central Intelligence Agency (CIA) and the National Security Agency (NSA), Hayden should know what he’s talking about.
During his address, Hayden spoke on the need to adapt to the ever-changing informational landscape and the dangers, risks and potential rewards of America’s cyber security situation. He said some of his concerns are outlined in his coming book “Playing to the Edge: American Intelligence in the Age of Terror” that is based on his experience as the only person to have ever led both of the country’s premier intelligence agencies.
He said that amid “tectonic shifts” across the globe, private industry rather than the U.S. government will ultimately fill the cyber security role. Moreover, he predicted, the U.S. government will be permanently late to protecting U.S. citizens in the cyber domain.
Hayden painted a troubling picture of the current threat landscape. Nations play less of a role than sub-nation groups and even individuals who are raising terror and committing cyber-crimes across the Internet and associated IT infrastructure.
Hayden conceded that the U.S.’s NSA operation can also be viewed as a kind of interfering hackers, noting that we are really good at stealing information. But, he added, “We steal information to keep you safe and free. We don’t do it for profit.”
Last year, he agreed along with the last two NSA directors and Apple CEO Tim Cook on resisting a demand from the FBI that the company help break into an iPhone owned by one of the San Bernardino terrorists.
Doing so, Cook said, would require the company to create a digital version of a “master key” for all iPhones, and that could expose millions of owners worldwide to dangerous intrusions.
“The implications of the government’s demands are chilling,” Cook said at the time. “The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”
Hayden said he was not worried about the Constitutional argument of forcing Apple to cooperate (he said he believes the government has the right to force Apple to open the phone), but was worried about future security of the US population if it did so.
Think of it like calling the cops when a burglar is breaking into your home, he suggested. You might not mind them shining a light on all your bushes to find the criminal, but you might not be happy with the digital equivalent.
Hayden said society is just beginning to have a conversation about what we want government to do to protect us in the cyber world. Part of the problem, he said, is having a vocabulary that describes it. For instance, then-President Obama described the attack on Sony by North Korea as “cyber vandalism” — a term Hayden doesn’t like but has nothing better to describe it.
Hayden said all businesses are potential victims. At the enterprise level, he particularly warned that energy and financial markets, by the nature of their businesses, have to be exposed in order to do their jobs – making them some of the most common targets of attacks. Businesses like that are outward focused and cannot afford to move into “bunker” mode and survive.
And for small-to-midsize businesses, he suggested they can more effectively safeguard themselves by moving workloads to the cloud — where economies of scale kick in. “Move to someone who can do security at scale,” Hayden asserted.
Hayden became director of CIA in May 2006, capping a career that included nearly 40 years in the Air Force. From 2005-06, he was the country’s first principal deputy director of national intelligence and the highest-ranking military intelligence officer in the country. From 1999-2005, he served as the director of the NSA and chief of the Central Security Service after being appointed by President Clinton.
During his military career, Hayden served as commander of the Air Intelligence Agency and director of the Joint Command and Control Warfare Center. He served in senior staff positions at the Pentagon, at the headquarters of the U.S. European Command, at the National Security Council, and the U.S. Embassy in Bulgaria. He also served as deputy chief of staff for the United Nations Command and U.S. Forces in South Korea.
Hayden currently is a principal at the Chertoff Group and a distinguished visiting professor at George Mason University’s School of Policy, Government and International Affairs.