Cyberattacks and keyboard complacency: A lesson about spying

What the KGB taught us about cyberwarfare — and what we should do now

"The culprit is American complacency, the tendency to assume that the Russians are technically inferior to us and that we can handle them.''

— Former Defense Secretary James Schlesinger in 1988

History is instructive, even events from prehistoric days, meaning the era before the Internet and email. We're referring to the 1980s, when the United States lackadaisically permitted Soviet workers to construct a new U.S. Embassy in Moscow. Over time, the State Department and White House caught on to fact that their Cold War foes at the KGB had hatched an ingenious plot to embed electronic bugging equipment in concrete and elsewhere in the structure.

At great cost and humiliation, the U.S. admitted that the new place was so infested, it could never be cleared and used. The building was rebuilt before ever being occupied, while the Soviets were prevented from occupying their own new embassy in Washington until the redone U.S. chancery opened.

Schlesinger, brought in to consult on the mess, wrote a report in which he intoned: "We have failed to anticipate the boldness, thoroughness and extent of the penetration."

Another excerpt: "We must constantly train and equip our people and upgrade our technology to meet these ever-growing and ever-changing challenges. Eternal vigilance is the price for continuing security."

Hmm, maybe some folks in Washington need to dust off that report. It stands up well, especially if you replace the verb "bug" with "hack."

We're thinking this after hearing Secretary of State John Kerry acknowledge in an interview with CBS News that he assumes foreign governments — specifically the Chinese and Russians — are reading his emails. So he writes them with that in mind. ("Yo Vladimir," we imagine Kerry adding as a P.S.)

Kerry told CBS' Scott Pelley that he was well aware that spying is a fact of life in international relations. "Unfortunately, we're living in a world where a number of countries, China and Russia included, have consistently been engaged in cyberattacks against American interests, against American government," he said.

Kerry's right, but his offhand acknowledgment bugs us — sorry — because it adds to growing evidence that the U.S. mindset is one of engaging in a technological war it's not sure it can win. That when it comes to sophisticated means of espionage, Schlesinger was right when he warned: They're clever and we're complacent.

Consider what we've all read recently:

•The U.S. acknowledged in July that hackers broke into the Office of Personnel Management, gaining access to information on 22 million people. Officials say it's the work of Chinese government cyberspies, who got names, Social Security numbers, the identities of family members and friends who gave references and more. Perhaps the biggest concern: The Chinese will be able, through process of elimination, to figure out which American officials stationed in China work for the CIA.

• Unidentified Russian hackers broke into an unclassified email system used by the Joint Chiefs of Staff, NBC News reported this month, saying it was "clearly the work of a state actor." The email network was down for two weeks. There have been at least two other recent reports of unidentified Russians breaking into unclassified (but supposedly secure) Pentagon and White House networks.

Like all matters of national security, most of what goes on isn't discussed publicly, so we can't assess America's capacity and commitment to waging and defeating cyberwarfare. We presume the U.S. is working hard to combat hacking while simultaneously upping our own game at infiltration, because that's how it works. Maybe our spies are the pros and theirs are the amateurs. Maybe, that is, we give better than we get.

What worries us is, what if that's not true? We don't like the idea that these recent and evidently serious hack attacks expose a deeper flaw than poor security on a few less-sensitive networks. Nor do we enjoy asking whether the U.S. is vulnerable because on a strategic basis the Pentagon and intelligence community still think too much about fighting conventional wars and covert ops — and not enough about unseen enemies sitting at distant keyboards, where they may strike at dams, bridges and satellites.

Next month, when Chinese President Xi Jinping visits Washington, we might expect to hear President Barack Obama bring up the subject of hacking and cyberwarfare. But that's not where the action should be. It's fine for the two presidents to discuss this as heads of state. But we want the U.S. to focus first on deflecting — defeating — the real and present danger of rapidly evolving cyberwarfare.

Meeting that challenge requires technology and diligence. From the outside, it appears that the administration and its agencies are too laconic, too willing to cede equality in a fight the U.S. should win.

If prevailing means the administration has to remodel some of our intel infrastructure and seek extra resources to keep America's secrets secure, so be it. That was the lesson a chastened Washington learned from the embarrassment in Moscow those many years ago.

Copyright © 2017, CT Now
71°