Homeland Security Watch

News and analysis of critical issues in homeland security

October 18, 2010

Shall We Play A Game?

Filed under: Cybersecurity — by Jessica Herrera-Flanigan on October 18, 2010

In the 1983 movie WarGames, a teenager/hacker named David Lightman breaks into a military computer and challenges the WOPR  (War Operation Planning Response) supercomputer to a game of  Global Thermonuclear War.   The result? A nuclear war simulation that nearly starts World War III as WOPR convinces the military that Soviet nuclear missiles are inbound and that the USSR is staging an attack on the U.S.   In an attempt to get WOPR to stop playing the “game,” the computer is directed to play tic-tac-toe against itself.  The computer learns from this exercise the concept of futility as its tic-tac-toe games end in draws.  The computer then stops its game, noting to its human observers, “A strange game. The only winning move is not to play. How about a nice game of chess?”

Watching the movie this weekend on Netflix reminded me of our nation’s efforts to achieve cybersecurity.  Reports this past week made me wonder if, perhaps, those efforts are much like a game of tic-tac-toe or Global Thermonuclear War.  Last week, the Government Accountability Office issued a report that raised concerns about the Obama Adminsitration’s implementation of recommendations included in the White House’s 2009 cybersecurity review. The GAO noted that of the 24 recommendations laid out by the review, only two have been fully implemented – the appointments of Howard Schmidt and a privacy/civil liberties official.

The GAO found that some progress had been made on 22 of the 24 recommendations but concluded that

[o]ur extensive research and experience at federal agencies have shown that, without clearly and explicitly assigned roles and responsibilities and documented plans, agencies increase the risk that implementing such actions will not fully succeed. Consequently, until roles and responsibilities are made clear, and the schedule and planning shortfalls identified above are adequately addressed, there is increased risk the recommendations will not be successfully completed, which would unnecessarily place the country’s cyber infrastructure at risk.

Defining roles and responsibilities is not an easy feat.  Since 1996, when President Clinton first took a comprehensive approach to critical infrastructure protection and cybersecurity by putting it on the government’s radar, there has been a struggle on who should be responsible for cybersecurity. That effort was recreated/repeated when President Bush issued a national strategy in 2003 and then, again, in 2008, created the Comprehensive National Cybersecurity Initiative (CNCI).  Thus, the 2009 review referenced by the GAO was not the first effort in what seems to be a continual game of tic tac toe.

Part of the problem is that cybersecurity is present in so many different areas, requiring (seemingly) various agencies to be engaged.  When the Department of Homeland Security was created, many of the government’s cyber efforts were merged into the new agency, though many agencies chose not to transfer over elements that would have made the new Department’s cyber efforts stronger.  The result?  DHS, while improving, continues to struggle with its efforts to lead on the cybersecurity front,  especially as it does not have explicit authority to tell other agencies what to do on the cyber front, especially with regards to private sector engagement.

I’ve written several times about the struggle between DHS and the Department of Defense for leadership of the nation’s cybersecurity efforts.  Last week, Defense Secretary Robert M. Gates and Homeland Security Secretary Janet Napolitano announced that the two agencies signed a memorandum of agreement to better protect against threats to military and civilian computer networks and systems.  The agreement calls for DoD cyber analysts to work with DHS to support the National Cybersecurity and Communications Integration Center.  In addition, a DHS senior staffer will be detailed to NSA.  While promising, the skeptic in me hopes that we do not see a repeat of the National Infrastructure Protection Center “sharing” experience of the 1990s where the FBI and the Secret Service joined efforts on cybercrime and infrastructure protection, only to see the Secret Service to abandon the NIPC over operational differences.

So is our cybersecurity effort futile?  Unlike Global Thermonuclear War, it is not the case that “the only winning move is not to play” on the cybersecurity front unless, of course,  one advocates an impossible-to-achieve Luddite-approach to unplugging our society from computers.   If we can realize that total elimination of cyberthreats is impossible and that our efforts should be to focus on how to mitigate potential threats and risks as much as feasible and imaginable, then we may continue to make progress on the cybersecurity front.   I’ve noted before that the Obama Administration appears to have the right people in place.  With expectation management and a commitment to not repeat past mistakes, we may just see an end to the cybersecurity tic-tac-toe.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

4 Comments »

Comment by William R. Cumming

October 18, 2010 @ 11:49 am

Great post Jessica! Personally I would argue that cyber security represents a huge failure by this Administration. Also it was a principle rationale for formation of DHS [I would list it as DHS’ number two priority after WMD policy and issues} but others might differ. My guess is that the three ageing lawyers put in charge of DHS like myself grew up in a world with few SCADA systems and processes and few computers and just don’t get “it”! And GAO again pulls its punches with the ever present “some progress” when in reality almost none. Revealed earlier today is the Executive Branch as over 1000 more data centers than the computer security types at OMB realized. Another 1000 ports of entry for cyber mischief?

And just to note for the record there was a sequal to WAR GAMES that you might want to take in. Interesting take on the issues after a decade following WAR GAMES produced.

Comment by John Scoggin

October 18, 2010 @ 2:16 pm

Considering the fact that the DoD was unable to prevent a young E-4 from walking out the door with a bunch of DoS messages off the SIPRnet, I find the idea that they can tell anyone that they will keep our networks safe a remarkable case of chutzpah.

And take one look at an audit of DHS agency security and you find that they are every bit as incompetent…

Sad but true.

Comment by Dan O'Connor

October 18, 2010 @ 3:23 pm

Thanks Jessica

Echoing the other two posts; In June 2009, very quietly mind you, someone or something somewhere released a computer virus called Stuxnet. It was rather large for a virus, but no one noticed as it slipped into cyberspace and began infecting its way around the world. Apparently the degree of its sophistication also went largely unnoticed.

One year later, the virus — or more appropriately labeled, worm, “did something in Iran”. It’s not clear what it did, but this time, a lot of people noticed. Because Stuxnet, they say, changes everything.

Iranian officials have decried Stuxnet as an act of “computer terrorism” perpetrated by the “domineering powers.” Is this the new era of warfare? Clearly in a networked world this should not necessarily be a surprise. What is the surprise is experts, perhaps dismissive or partially unaware now believe the worm’s potency and sophistication point to a possible state-sponsored cyber attack…What if it isn’t state sponsored? What if this is the only one we are aware of? What of our SCADA?
SCADA generally refers to industrial control systems: computer systems that monitor and control industrial, infrastructure, or facility-based processes.
Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and those that run in continuous, batch, repetitive, or discrete modes are extremely vulnerable.. If JOSHUA is out there, I don’t think anyone would be surprised.
The truth of the matter is our overreliance on technology and systems creates one vulnerability while our ever growing or pursuit of food and manufacturing “singularity” creates another, both thereby further eroding our potential resilience.
Challenging times lie ahead!

Comment by Game Over: The Upside Down American Flag As We Are In Distress, Much Peril!

October 19, 2010 @ 10:26 am

With the race to the colonization of the moon very much engaged by our Chinese neighbors especially and the astuteness in Chinese foresight very apparent in so many sectors involving business and technology as well as military ops as their nuclear subs are just off the Atlantic and Pacific, China’s scientists and engineners are very keen on assuring the security of China and its people as evidenced by its ongoing commitment to science and technolgy achievements and programs – its devotion to science and technology acknowledging the reality of the near-term and future….

China continues to graduate scientists and engineers far more than we here in the west at the same time we see the US President and First Lady downcasting the competencies of public education stating that public education is not suited for their own daughters!

Unless we truly understand that the 160+ universes beyond our own carry much promise in a universe constantly changing and knowledge is a necessity for our beloved Republc and our most charitable people and the need to educate our young if we are to understand the requirements of the game!

We must demand clarity in accountability, to make everyone responsible in providing a good education to enable us to compete which we presently are not, we will continue to slip by the wayside and not only will we be vilnerable to catastrophic cyber attack, but we will be dominated by others who understood the relevancy of understanding why education, technology and fiscal and pshysical security depend on our decisions today!

We are facing deflation, we are 13 trillion fed notes in bankruptcy and it is apparent that Barry Obama replacing the bust of Winston Churchill wih Martin Luther King says much…we can never replace Winston Churchill with anyone and in fact, we need him to return promptly for both sides of the aisle have been corrupted by self agenda and self importance….

When I saw Barney Frank’s partner outwardly harassing “Mr. Barney’s” only opponent who has every right to run for office and make his candidacy and ideas known to we the 4th MA Congressional District constituents…it said much for the arrogance and disrespect towards one another today here in the United States is our demise and the Chinese nor the “KGB Putinites” nor the “Brutes of Tehran” not AQ or the Taliban have much to worry about us for it is quite evident that we have failed our youth in properly educating them and we have failed ourselves for we have allowed India and China and now an emerging Germany to outpace us in every way….

Shall we play a game? We have no way to play the for we are turning out youngsters from high school who have little penmenship or spelling competency and when the ATM’s are down, the electric grid is attacked and we are held hostage…then at that moment we would have realized that the other side really knew how best to play the game and just as we gave manufacturing away, we will have given our freedom away as well –

While I have always been an advocate for federally funding First Responders as local communities tax revenues contnue to erode as we fall back into recession, the double-dip and worse, this nation should do its utmost to recruit the best minds and focus on bio/chem defense as well as cybersecurity as well as continue Jack Kennedy’s dreams into the universe and beyond as the knowledge we attain will assure our dominance and security – it is this vigilance and commitment to diligence, to raising the bar for all to strive to attain which will protect us and assure our rightful place under God into the latter part of this 21st century and beyond!

We do not know how to play the game or it would be us who has stockpiled precious metals and resources, not the Chinese. If we truly knew how to play the game, it would be us who would be graduating more scientists and engineers than the Chinese and if we knew how to play the game, it would not be the Chinese who hold our fed notes and we are so indebted to for while the west has been so immersed in itself, the Chinese have scientists and engineers running its nation, not Freddie Mac and Goldman Sachs fellas at the helm whose partners openly harass opponents who are merely asserting their Right to share with the voter what solutions they have to offer to a nation gridlocked by those lusting for power and kids who cannot spell or write.

We have lost the “game” because qwe lost our edge and “Mr. Barney” and “Smug-skiled Pelosi” and you Barry, supported by the good ol fellas of the beltway, well, with your social and law degrees did you really believe you would be able to show up the scientists, engineers and researchers – Game over!

I fly the American flag in front of my house upside down these days not because my Love for nation has been lost, but because we are in distress, great peril and I suggest to my fellow good American neighbors that they too, fly the American flag upside down to depict how we really perceive Washington and Town Hall on Main Street USA. The only “change” we have sseen Daval Patrick here in Massachusetts at least is the last of our change stolen fom our pockets!

Christopher Tingus
PO Box 1612
Harwich, MA 02645
chris.tingus@gmail.com

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>