Biden Administration Declares War On The Internet, Clears Path For Offensive Hacking Efforts By Federal Agencies
It's impossible to be the aggressor" of the free world. Those words just don't make sense together. Defender of the free world," maybe. If you're going on the offensive, it seems unlikely you're there to protect anyone's freedoms.
But that appears to be where America is heading: the aggressor that somehow protects rights and freedoms worldwide. For years, government agencies have been asking for codification of glove removal. They want to go on the offensive in the new forever war in cyberspace.
And government officials have muddied the water by mixing metaphors, saying ill-advised things like cyber Pearl Harbor" in hopes of rhetorically raising the stakes high enough to allow the government to act as a conquering force, rather than a defender of freedom.
Those pitching the idea that the federal government should become a broadband bully often forget how often our offensive hacking tools are leaked or absconded with, resulting in Americans becoming the targets of repurposed literal spyware.
It's not that America isn't a juicy target for malicious state-sponsored hackers. And it's not that malicious entities haven't caused serious fiscal and logistical damage. It's whether or not those who buy into the cyber war = actual war rhetoric want to turn the United States into an armed invader.
That question has an answer, at least for the remainder of the current presidency. As Fred Kaplan reports for Slate, the Biden Administration believes the security of our nation is best served by aggressive cyberwarfare.
President Biden is about to approve a policy that goes much farther than any previous effort to protect private companies from malicious hackers-and to retaliate against those hackers with our own cyberattacks.
The 35-page document, titled National Cybersecurity Strategy," differs from the dozen or so similar papers signed by presidents over the past quarter-century in two significant ways: First, it imposes mandatory regulations on a wide swath of American industries. Second, it authorizes U.S. defense, intelligence, and law enforcement agencies to go on the offensive, hacking into the computer networks of criminals and foreign governments, in retaliation to-or preempting-their attacks on American networks.
There's plenty to be concerned about here. First, attribution is difficult, so going on the offensive makes it that much easier to subject the wrong target to the federal government's cyber-wrath. Make enough mistakes and those subjected to digital invasions will revolt, creating even more problems that being overly aggressive can't solve.
It will be helmed by the FBI, which is its own problem. The FBI has plenty of agendas, and very few of them are aligned with offering more security to American residents. While it may have the funding and personnel to handle a joint cyber task force, it probably would be better to let the FBI come off the bench, rather than give it the starting cyber QB job. An agency that spends an inordinate amount of time arguing against device and communication encryption shouldn't be allowed to lead cybersecurity efforts.
Then there are the demands on the private sector, which have yet to be fully enumerated by the Biden Administration. The government has long believed the private sector should willingly share information about detected threats or attacks with the federal government. But the federal government also believes sharing is something only others should do, hoarding exploits and burying information about cyber weapons until long after it's proven useful to the only stakeholder that appears to matter: the federal government.
It's possible the changes the Biden Administration is making will make America safer. But there's no reason to believe this will be the case, not when the changes are unilateral and appear to serve the government's interests more than the interests of the general public.