Who Can Protect Us From Major Cyber Attacks?

The Pentagon, along with other government entities, has long been wringing its hands on the issue of which government agency should work to protect critical U.S. cyber infrastructure from major cyber attacks. For now, the DoD has indicated that it will focus on protecting military networks. 

However, a recent post over at TechCrunch, arguably one of the best news sites covering Silicon Valley, indicates that national security officials believe the government is overwhelmed by the prospect of defending the critical network infrastructure that keeps U.S. economy running.

The Government simply can’t innovate fast enough to keep pace with the pervasive threats and dynamics of the internet or Silicon Valley’s rapidly changing technologies. Indeed, as George Hoyem, a partner at the CIA-backed venture fund In-Q-Tel, noted, there has been a 571 percent growth in malware since 2006; today, 60 percent of all websites are infected.

OK, military cyber officials have lamented this fact for a long time. What’s truly scary is the following quote arguing that the tech industry’s titans aren’t even up to the task of defending our networks.

The experts agreed that we need private industry to step in and help solve the world’s cyber-security problems.  But we can’t count on the big companies—they can’t innovate as fast as startups can.  So our entrepreneurs need to lead the charge. And many are doing just that.

The problem is — and again, we hear this one all the time — that doing business with the government  isn’t exactly easy for small businesses.

But here’s the big obstacle: when it comes to Government—which is one of the biggest markets for security technologies, the deck is stacked against the entrepreneur. Nearly all big government contracts go to large contractors. These contracts run not in the millions of dollars, but in billions.  And we don’t get billions of dollars of value—if we’re lucky, we get some clunky old systems that entrepreneurs could have delivered much better versions of in a fraction of the time and a tiny fraction of the cost. Because these contracts are so big, they require many levels of approval—usually by Congress. It typically takes 3-4 years for government to award these.  Companies have to go through a grueling “certification” process to get approved to bid, and it costs millions of dollars to prepare proposals and to lobby government officials and political leaders. Startups can’t wait this long or afford the cost of bidding.

It’s an interesting post written from the perspective of the country’s high-tech heartland, which is stacked with incredibly innovative companies and lightning quick minds.

Silicon Valley and Washington, D.C., are located three thousand miles apart in space and light years apart in concept. Technology managers in government don’t know where to find the entrepreneurs who are ready and able to build innovative solutions.  And when they do come across them, they don’t have mechanisms to fund, support, or purchase technology from startups. So government managers are forced to deal only with the big contractors—who have a greater incentive to add staff (and so increase billing) than to cut costs through innovation. Not only are we wasting billions of dollars, but our nation’s defense industrial base is neglecting the vast majority of innovation from early stage and emerging growth companies.

Here’s the whole article.

—  John Reed

  • D. Dieterle

    Excellent article. Please don’t forget that companies do exist that make exceptional cyber defense and in some case offensive weapons. And these systems are available to the government now.

    Currently only available to government entities, Rsignia’s Cyberscope (Rsignia.com) provides automatic offensive cyber capabilities. When it senses an attack, it can kill the flow, provide false information to the flow or even inject it’s own code onto the attacking system.

    Rsignia’s products are also used in the government’s Einstein system.

    It would be nice if these systems would be available to private industry, but then you get into some sticky situations. Maybe if the heavier offensive capabilities could be shut off or modified for the public sector. So instead of attacking back, it would funnel the attacker into a honeypot system for forensic analysis.

    D. Dieterle

  • Oblat

    Systems like Cyberscope are hardly innovative on anything but a marketing level. The brochures full of pseudo military mumbo jumbo are actually hilarious.

    The government getting into the cybe-rcrime business which si what the whole cyberwar thing is really about - that and the same bunch of charletons who sold us network centric warfare. Will just drive up the costs of doing business in the US.

  • eric

    the Techcrunch article doesn’t address the defense problems of the US, it addresses the problems of entrepreneurs on how to make money. I feel their pain, but I also hope for the US taxpayer that Gates keeps his priorities straight.

  • Brian

    The US military should not even try to defend the private sector directly. It should simply rely on intelligence and post attack forensics to let aggressors know that we will kill you if you mess with us. In this respect a bomber is a highly effective cyber defense platform.

    Seriousily the government should not try and make itself responsible for every faulty line of code running out there, it’s impossible and beyond the misson of the military.