The U.S. government needs to do more to protect itself in cyberspace as adversaries’ technological capabilities rise, according to the departing general counsel of the NSA.
Glenn Gerstell, who is leaving the NSA later this year, said the expanding threat landscape — caused by the combination of nation-state’s capabilities and the onset of technologies such as 5G, artificial intelligence and the internet of things — presented several challenges that the intelligence community must grapple with long after he leaves the agency.
“It is almost impossible to overstate the gap between the rate at which the cybersecurity threat is getting worse relative to our ability to effectively address it,” Grestell said at an American Bar Association event Jan. 15.
At the heart of the issue, he said, is the odd geopolitical dynamics of relying on countries considered adversaries for trade, like China, or sending American astronauts to the International Space Station, in the case of a Russian launch in December. The Russians, of course, have a well-documented record of attempting to breach, sometimes successfully, state voting infrastructure. And the Chinese have continuously stolen intellectual property from American business by breaching their networks, including those of defense contractors, which has ultimately led to the development of the soon-to-be released Cybersecurity Maturity Model Certification (CMMC) out of the Pentagon.
“That cybertheft enabled China to rapidly rise to threaten not only our economic hegemony, but also, at least in certain places around the globe, our military position," Gerstell said.
Gertsell listed China as the first issue, using it as the best example of the challenges presented by the mix of technology and cybersecurity. China is home to Huawei, a tech giant that sells hardware for 5G telecom networks, prompting fears to several senior U.S. officials about putting Huawei products into U.S. networks, in addition to allies’ networks. The Federal Communications Commission recently banned its subsidies to rural telecom providers from being spent on Huawei products.
And with China’s economic and technological rise, the IC needs a whole host of new experts added to its workforce to counter its growth, Gerstell said, including experts in AI, metallurgy, biotechnology, quantum computing, crop genetics, port logistics and finance.
But there are some structural inhibitors that the government will have to adjust to better handle the threats. Part of the challenge the intelligence community faces in combating cybersecurity threat are the several silos throughout the IC, defense and civilian government agencies with jurisdiction over cybersecurity challenges. The potpourri of agencies with authorities is too great to manage a threat that Gerstell called “so complicated.”
“I, personally, would like to see greater centralization in government within our cybersecurity initiative across government,” Gerstell said, adding that he wished the government could come up with an “effective and politically acceptable solution.”
Another structural adjustment Gerstell pointed to was the laws written by Congress.
“Our laws and government structures are not where they need to be to facilitate that task and confront this rapidly mutating threat," said Gerstell. “That is not to say that a great deal of important work hasn’t already been undertaken, but simply that the threat is advancing at a faster pace.”
The current surveillance laws, he said, are outdated for the current cyberthreats facing elections, the defense industrial base and others, like state and local governments.
“The foreign focus of our intelligence agencies, our four-decade-old system of surveillance laws and the manner in which our first and fourth amendments have been interpreted to provide domestic protections, have yielded an overall legal scheme that I doubt anyone would come up with in the face of today’s threats,” Gerstell said.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.