Galrahn’s post below is a good overview of the highlights from Day 1. There are so many good things to discuss that picking what to post on is difficult.
That overview gives me a chance to focus on something specific; something that bothered me all day.
Have you ever sat there listening to someone speak, and you hear they say something that you just have trouble believing was spoken? You kind of tilt your head a bit, look at your notes, look back at the speaker, and then lean to the guy next to you and ask, “Did he just say ….?”
Well, that happened early today at West 2010, right out of the box, I heard something that worried me. It doesn’t worry me in the way the black-helicopter AFDB crowd may be worried – but it has worried me nonetheless.
At an early age I came upon a collection of Ben Franklin’s little known works with a very funny title
There is a quote of his that is a touchstone for me, one that often comes to mind when this nation’s leaders begin to look for shortcuts when faced with difficult security challenges.
As with many of his quotes, this one is a warning; a timeless warning founded on the lessons of thousands of years of human history.
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
It is closely tied to another of his quotes,
Outside Independence Hall when the Constitutional Convention of 1787 ended, Mrs. Powel of Philadelphia asked Benjamin Franklin, “Well, Doctor, what have we got, a republic or a monarchy?” With no hesitation whatsoever, Franklin responded, “A republic, if you can keep it.”
Franklin knew that like all human institutions, governments are subject to weaknesses and mistakes. These weaknesses and mistakes, often made by good people trying to do the right thing – if not corrected leave doors open for bad men to do evil.
Day 1 was very Cyber Domain focused, and in the kick-off address, Vice Chairman of the Joint Chiefs of Staff, General Cartwright, USMC, said something roughly along the lines of this,
(some Americans might be willing to say) I will voluntarily give up my privacy to ensure that I will be protected.
He saw this as a good thing. Something to be hoped for. Something to be encouraged. And they should give that privacy up to the uniformed services.
Gulp. Yes, a 4-star American General said that in the context of it being good – good for the security of the state.
Here is the context. One of the big transformationalist movements and producers of much PPT is the drive to better protect the critical information infrastructure, AKA the Cyber Domain. All the services are setting up their own cyber security areas (see 10th Fleet), and the experience of Estonia, Georgia, and those “mysterious” probes [thumbdrive] of our systems is driving a lot of smart people – and quite a few civilian companies – to beat the drums of cyber security. That is a good and smart thing.
The problem is complicated by the following statement by the Commander in Chief.
“From now on our digital infrastructure, the networks and computers we depend on everyday, will be treated as they should be – as a strategic national asset,”
– President Barak Obama, 01 JUL 09
This is where the military mind kicks in. With clear direction and guidance from the CINC – the 4-Stars will wait for a nod from the JAGs and march forward.
Where does that get us today? Well, it seems that the some senior leadership in the military have decided that the military needs to take the lead in cyber security. Why? Well, the CINC has designated it as a strategic asset – to be treated like … well …. a strategic asset.
And so the machinery starts.
What makes the military even twitchier is that they have known since the beginning that the .mil 1’s and 0’s would ride their IT pipes on top of existing civilian infrastructure – from fiber to satellites. We have adopted civilian systems, COTS. Everything relies on that civilian infrastructure as a body relies on water. Backup? Ask your IT’men where their HF TTY system is.
Yes; Admiral Adama is worried – but Skynet is pleased.
The military is twitchy – but what about the civilian industry – are they worried? Of course they are, but they have their own security protocols, back-up systems, and ways of addressing computer network attack. They are also relatively nimble, aggressive, and can quickly hire the best personnel with a focus on shareholder value that demands decisive and secure action. On a whole, a distributed, redundant and diverse system. Unorganized and with some critical weaknesses, of course – but some would argue that the diversity and lack of organization is also a strength … but that is a different post for a different day.
Is it industry’s desire for the Pentagon to come in and rescue the day? Treat the Cyber Domain like navigable waterways and the interstate highway system – the sea lanes and the airways? Are the American people ready for the Department of Defense to assume security responsibilities from your house to wherever your information flows or is stored? Really?
Now it is time to ask; – can we do it? Does our nation want us to do it? Should we do it?
Can we do it? Sure – the military can do anything it wants, really. It has the power of the state. The military can do, by order of the CINC, anything unless the Supreme Court says no – by precedence or judgment – or the Legislative Branch acts. Our Founding Fathers knew that – that is why we have the system we have; thank goodness.
Does our nation want us to do it? I would offer you this:
Walk into any bank, insurance company, pharmaceutical manufacturer, or software company and tell them, “Hi. I’m from the Department of Defense. We need full administrator rights to your network, software code, PCs, mainframes, communication infrastructure, security protocols, and file storage facilities. Trust us. We’re here to help. Don’t say no or we will shut you down and do it anyway.”
See where that gets you.
Let’s get beyond the Orwellian idea of the U.S. military in our Representative Republic having control of the security of the personnel, professional, and financial data for the civilian population it serves. That is enough to stop anyone cold. Let’s look at the deeper problem.
Ah, what is that line again?
“I …. do solemnly swear (or affirm) that I will support and defend the Constitution of the United States,
Yep, I am going to go there.
Posse Comitatus (Latin): Power of the county.
18 U.S.C. § 1385. Use of Army and Air Force as posse comitatus:
Whoever, except in cases and under circumstances expressly authorized by the Constitution or Act of Congress, willfully uses any part of the Army or the Air Force as a posse comitatus or otherwise to execute the laws shall be fined under this title or imprisoned not more than two years, or both.
10 U.S.C. § 375. Restriction on direct participation by military personnel:
The Secretary of Defense shall prescribe such regulations as may be necessary to ensure that any activity (including the provision of any equipment or facility or the assignment or detail of any personnel) under this chapter does not include or permit direct participation by a member of the Army, Navy, Air Force, or Marine Corps in a search, seizure, arrest, or other similar activity unless participation in such activity by such member is otherwise authorized by law.
One of the challenges of the Cyber Domain is that an attack can come from anywhere – and if done right – nowhere and everywhere.
If the Bank of American in Charlotte, the New York Stock Exchange, and the Chicago Mercantile Exchange all come under cyber attack and the US military has control for security of the nation’s cyber infrastructure – and that attack is coming from Gainesville, FL by American citizens – then in essence the U.S. military is “…willfully (being) use(d) …. to execute the laws...”
Has this angle been looked at? Of course it has. Am I a Constitutional Lawyer? No.
Do we not have federal, civilian law enforcement entities (FBI, DHS, etc call your office) for the purpose of this? Yes we do. You do not have to be a Constitutional lawyer to say that they are the ones who need to take this, with DOD in a supporting role within well defined and highly restricted confines. Most external work in this area should be done by NSA and CIA with DOD again in the supporting role.
Good news though – even through Gen. Cartwright’s brief was very “DOD in Charge” directed, ADM Stavridis’ presentation later on in a related topic put DOD in its correct area – at the bottom of the chart and in a supporting role. That and other panel discussions tell me that this is an ongoing conversation. Good. We have time to get this right.
I ask you though – a lot of very powerful people wearing a uniform who think that it is: is it the legitimate function of the uniformed services to ask of its citizens to, “Give up your privacy to ensure that I can protected you.”?
I don’t know about you – but the fact that the question needs to be asked is worrisome.
