America’s weak cybersecurity puts our nation at risk of a modern 9/11

As serious as Kim Jong Un’s threats are to attack Guam, Alaska or Hawaii with nuclear ballistic missiles, it’s likely that any future conflict will begin, and possibly end, with non-kinetic but no less crippling cyber warfare. This kind of warfare encompasses the assault on the electronic “connective tissue” of modern society by interfering with the critical data and electronic signals that control and influence every facet of modern  life.

Americans may understand that cyber threats exist, defining the dangers in terms of loss of credit card information, personal information like addresses, phone numbers, social security numbers, bank account information and even private health information. Fifteen million Americans will have their identities stolen this year. And by some estimates, Cybercrime will cost American businesses $8 trillion over the next five years. Appalling? Yes. Life threatening? Maybe not.

{mosads}More serious but less publicized is the loss of very sensitive proprietary information like China’s theft of Lockheed Martin’s F-35 stealth fighter jet. At least two of China’s modern fighter aircraft, the J-31 and J-20, are built off of stolen F-35 designs. The 2016 presidential campaign saw the hacking of 33,000 of Hillary Clinton’s emails, many containing classified information.

Blatant attempts by Russians and others to manipulate our sacrosanct election process through cyber meddling focused attention at the political level. The notion that Vladimir Putin could impact our election process should be seen as a grave threat. After all, Russia’s cyber manipulation has successfully impacted the elections in France, Germany, Ukraine and others.

Why would we think America would be immune from Russian hacking or cyberattacks by other nations and groups? Information warfare, which is what Russia is waging against the United States, has become a major political distraction, but many in Washington and across the country are missing the bigger point.

Considering the far more serious implications of network intrusion and data manipulation by hostile foreign powers, the stakes are far higher than political theater and sensational journalism will allow. From government information technology networks to the cockpits of our most sophisticated aircraft, cyber threats are real, dangerous and growing daily.

The largest U.S. government network hack recently occurred when cyber thieves stole records affecting 21.5 million current and former government employees. In the government domain (.gov) alone, there are more than 100 departments and agencies across every functional federal and state IT component at significant cyber risk.

Foreign agents are constantly probing, attempting to steal whatever they can from virtually every critical part of our IT networks. Departments whose purpose includes everything from developing war plans, to gathering intelligence, to managing our currency, collecting taxes and managing our electrical power grid are under constant cyberattack.

Bringing down any one of these critical .gov functions through cyberattack seriously threatens our national security, which is why the U.S. Department of Homeland Security (DHS) is responsible for protecting these interconnected networks at all costs. Protecting critical IT infrastructure is the responsibility of the National Cybersecurity Protection System (NCPS), specifically a system of tools known collectively as “Einstein,” which secures and defends .gov networks.

As the cyber threat grows, so must the government’s capabilities. DHS awarded the development, operations and maintenance contract, known as “Domino,” to upgrade the .gov system and integrate ongoing function and cyber protection across the domain.

For more than two years, the Obama administration has been in wrapped up in a wasteful, revolving door contract protest that has led .gov to be no closer to bringing online the much needed upgrades to the government’s IT protection tools, including state of the art predictive analytics, network protection and much needed automation.

This urgent upgrade is still not underway, despite the urgent need, and through multiple review processes the DOMino contract repeatedly being awarded to the same vendor get the job done. At stake here is more than procurement integrity. Delaying cyber protection affects all government agencies, not just one or two, because they’re all interconnected in one way or another. Citizens rely on their government to prevent a cyber 9/11, whose effects could cripple and destabilize the country.

It is axiomatic that the Department of Homeland Security is charged with protecting citizens from all external threats, including the devastating effects of cyberattack. The Trump administration and officials at DHS have an opportunity to get this right once and for all. They should not let the arcane government acquisition process blunt the agency’s critical mission, especially now, when the threat is increasing.

Sandy Clark is a retired U.S. Navy captain who served 24 years on tours around the world. He is now a consultant on national defense issues including cybersecurity.

The views expressed by contributors are their own and are not the views of The Hill.