Navigating a remake of federal cybersecurity

Can the federal government standardize its computer systems to make them safe against cyber attacks? It ll take time. (Jose Luis Villegas/Sacramento Bee/TNS)
Can the federal government standardize its computer systems to make them safe against cyber attacks? It ll take time. (Jose Luis Villegas/Sacramento Bee/TNS)

In 2007 on a featureless stretch of desert outside Kirkuk, Iraq, I stood with a young U.S. Army lieutenant trying to reconcile a crude, handheld GPS gadget with his laminated map.

Ultimately, he failed. His interpreter asked a local for directions.

Being lost was particularly frustrating because companies like Olathe-based Garmin sold easy-to-read navigation handsets at the time. A year or two later, much the same function became standard on even low-end smartphones.

Yet here was a guy in harm’s way trying to find his way in a war zone with something about as easy to use as a sextant.

The temptation is to think dolts at the Pentagon don’t care enough to outfit troops with modern gear. It’s not so easy.

You don’t buy enough just for a single battalion. You get enough for the entire Army. It’s got to be extra sturdy and weatherproof, and everybody needs to be on the same system. Buying things for the government, for the biggest government the world has seen, takes lots of time.

Which brings us to President Donald Trump’s executive order recently on beefing up Uncle Sam’s cybersecurity. It came in the wake of Russian hacking aimed at the 2016 election and amid growing anxiety generally about whether your electrical grid or your bank account might fall prey to internet assault.

Notably, the president called for all the federal government’s 190 agencies, using nearly as many different information technology systems, to organize into a single IT network.

That’s a solid idea. It’ll make sharing information between agencies, and from businesses, far easier. Instead of spending money building defenses for scores of system, that money can be concentrated on protecting a single network against the bad guys. (Yes, that makes cracking into that one giant system all the more tempting for black hats. But ultimately it’s worth the trade-offs.)

Still, it won’t be easy. Keep in mind the feds spend $80 billion a year on IT, much of it going to antiquated systems that won’t easily feed their old-school mountains of data into a new system. Silicon Valley needs to play along, both to feed anti-hacking savvy to the government folks and to make sure private systems work with industry standards.

This isn’t like turning around a tanker, it’s like getting all the world’s tankers to meet up in the Pacific, lashing them together and waiting for a spring thaw to squeeze through the Northwest Passage.

Trump’s executive order gave agencies 90 days to put together detailed reports on the cost of conversion, where defenses are weakest, the cost of a fix and a plan for overhaul. Analysts say the agencies face a wildly unrealistic deadline. Think more like six months or a year.

Any resulting plan figures to come full of privacy worries, weighted down with the cost of building a system so massive yet still agile enough to work with technology of the future.

The makeover could prove as critical as keeping our dams and power plants operational, our bridges intact and our roads passable. The day after Trump’s executive order, a global ransomware attack spread across the globe with hackers demanding crypto-bucks in return for unscrambling infected hard drives.

Rebuilding a national cyber defense means years of headaches to come. But like that junior officer in Iraq, the country needs to navigate to safety.

About the Author