[cnn-photo-caption image=http://i2.cdn.turner.com/cnn/2009/US/04/21/pentagon.hacked/art.jsf.lockheed.jpg caption="The F-35 Joint Strike Fighter's self-diagnostic system was compromised by hackers, officials say."]
David Gewirtz | BIO
Editor-in-Chief, ZATZ Publishing
It used to be spying was hands-on. To turn someone into an Aldrich Ames, you had to tempt them with money or revenge or ideology, promise them sex or catch them at it. Today's spies are less like a real-life James Bond and more like Lewis Skolnick from "Revenge of the Nerds".
Today's master spies don't wear tuxedos and play baccarat. Instead, they wear sweatpants and play Halo (and, hopefully, shower at least a few times each week). And while old-school spies were trained in all sorts of physical feats, from high-altitude skydiving to deep-sea scuba, today's master spy's most physical activity is walking back from the fridge while balancing a drink and a snack.
James Bond had a license to kill. Today's spies are geeks who can write code and they could well be far more dangerous than any Cold War spymaster ever was.
Stolen fighter jet plans
Yesterday, CNN producers Mike Mount and Eric Marrapodi published an article about an apparent theft of ultra-confidential Pentagon information on the U.S. military's hottest new advanced fighter jet. They reported that not only had thousands of documents been stolen over the last few years, but spies got into the U.S. Air Force's air traffic control system and were able to see where our military aircraft were at any given time, while actually in flight.
If true, this information might also have included real-time location information for strategic assets like Air Force One and Nightwatch, the Boeing E-4B that's America's airborne mobile National Command Authority command post, the aircraft that's intended to run the country in the event of nuclear war.
And how did spies get access to all this information?
Through the Internet, of course.
This is just one of an uncomfortably large number of intrusion reports that seem to stream in on an almost daily basis. Spies aren't just accessing our confidential military information, but secrets from our most innovative companies, and even financial information right off our family computers.
Most often it's an independent security analyst of some kind who breaks this news and it's really hard to tell whether self-promotion or patriotism motivates the releasing of these reports - and whether they're, in fact, true. We keep hearing about China and the former Soviet Bloc nations as key players in these compromises, and they're undoubtedly in the game.
Unfortunately, because all of this relates to confidential information, getting true confirmation, rather than hearsay, is almost impossible. But given how challenging it is to fully secure any network and some of the lax security procedures we're seeing in some network operations, it's entirely likely that many compromises like those reported have actually taken place.
We're also getting reports about chip replacements where counterfeit or flawed computer chips that are winding up in military avionics,. That, too, is well within the bounds of probability because we don't control every stage of the supply chain for many of these systems. Some of those systems use components used in consumer products as well as military products.
Was an intrusion like Mount and Marrapodi reported possible? Absolutely. Is it likely? Definitely. Can we do better to protect ourselves? Yes, but sometimes that means we have to impose restrictions that contractors might not like, and we're always depending on the weakest link.
For the Pentagon and its contractors to truly secure their systems, they'd need to cut themselves off from the outside world, at least electronically. They could never, ever connect to the Internet. No employee or contractor could ever be allowed to bring electronic devices like laptops, BlackBerrys or iPods into a secured facility from the outside world. And no employee or contractor could be allowed to do any work from home.
It's an interesting paradox because the Internet provides enormous efficiencies to government and military operations. But because the Internet connects everyone to everyone, our super-secret government networks are only a few hundred milliseconds away (in data travel time) from the flying fingers of our enemies' uber-geeks.
All it takes is one small security hole, one mis-configured network device, one motivated employee working from home on the same computer his teenager uses to download music, one laptop brought into a secret location with a virus or worm on it, or one disgruntled or opportunistic worker funneling data to the enemy on purpose.
So how do we protect ourselves?
First, of course, we close every security hole we can find and we educate employees and contractors on how to avoid bad practice. You'd be surprised how far that will actually get us in making things more secure.
Then, we innovate. You've heard the term "arms race". We've been competing in various arms races with our enemies ever since we were a country. And we usually won. Just as our enemies would gain an advantage, we'd come up with a better weapon, a better strategy, or a better counter-attack. America is very, very good at one-upping our enemies. As "they" gain access to our networks, we need to make the information they get old news.
Next, we investigate. Although it sometimes seems like our nerdy intruders are covering their path, almost every network activity leaves a trail that an equally nerdy forensic investigator can track down.
And then we fight back. After all, if our networks are only a few hundredths of a second away from their geeks, their networks are only a few hundredths of a second away from ours. And we grow our geeks good and smart here in America.
There's one other factor to keep in mind: the human factor. Just because our enemies might get information about how a certain aircraft is built - and even, possibly, develop some tactics to counter it - we still have the men and women in our military. Never, ever underestimate the ability of our pilots to fight and fly, our maintenance crews to fight and fix, and our generals and admirals to fight, formulate, plan, scheme, and strategize.
As a nation, we may not be all that good at exit strategies, but beating the living heck out of our enemies is something America does very, very well.
And let that be a warning to those spying geeks in faraway lands with strange sounding names. Annoy America's military too much and that explosion you hear in your living room might not be just coming from your Xbox.
Follow David on Twitter at twitter.com/davidgewirtz.
Editor’s note: David Gewirtz is Editor-in-Chief, ZATZ Magazines, including OutlookPower Magazine. He is a leading Presidential scholar specializing in White House email. He is a member of FBI InfraGard, the Cyberterrorism Advisor for the International Association for Counterterrorism & Security Professionals, a columnist for The Journal of Counterterrorism and Homeland Security, and has been a guest commentator for the Nieman Watchdog of the Nieman Foundation for Journalism at Harvard University. He is a faculty member at the University of California, Berkeley extension, a recipient of the Sigma Xi Research Award in Engineering and was a candidate for the 2008 Pulitzer Prize in Letters.