The Irony of it All

For all the talk of a "cyber Pearl Harbor" or a "cyber 9/11", there really are only three incidents that one can point to where a cyberattack caused significant harm to a country.

The first is Stuxtnet, the computer virus that infiltrated Iran's nuclear program and caused a number of centrifuges to self-destruct. Those destroyed centrifuges set Iran's nuclear program back by several years (we think), and (we pretty much know) was perpetrated by a combination of Israeli and American actors.

The other two can be combined into one attack: the Bradley Manning/Wikileaks affair and Edward Snowden's data dump.  In each of those cases an insider gained unauthorized access to a trove of classified documents, secreted them out of U.S. hands, and released them into the wild.

Of the two, Mr. Snowden's data theft has caused the most harm.  The documents he has released, and continues to release, have put the U.S. on the defensive globally, and also exposed a harsh light on just how voracious our intelligence community's appetite has been for unfiltered data. The net result of Mr. Snowden's actions has been to give our enemies ammunition for arguments that America is an arrogant hypocritical giant, and has given our allies pause (and even outright offense) at the prospect of assisting the U.S. with its intelligence operations.

So, knowing that America has been on the giving and receiving end of cyberattacks, we have to ask ourselves what are the consequences of that history. First, it has given our enemies an understanding of our capabilities and the ability to argue that "the U.S. did it first."  In other words - to use a legal term - America now comes forward with "unclean hands." For as much offense we take at Chinese and Iranian cyberattacks, the reality is that we cleared the path for such events and should not be surprised when we are attacked.

Second, we are forced to ask ourselves an uncomfortable but necessary question: is the U.S. government out of control? Or more specifically, is the NSA out of control and on a mission to spy on every single American?

Honestly, I think not.

While the NSA certainly has a good amount of soul-searching to do, we cannot forget the environment that drove it to its actions. In the post 9/11 world if there was one statement repeated more than any other, it was that the intelligence community had to "connect the dots."  Failure to detect and identify potential terrorists or terrorist attacks was simply not an option for our intelligence community. If they did fail, lives would be lost and otherwise successful programs would be torn apart. So I understand why the NSA pushed the envelope on its tactics as much as possible - it needed all of the dots it could get its hands on so nothing was missed.

And for all those in Congress who accuse the NSA of irresponsible or reprehensible behavior, they have to take a minute to look in the mirror. After all, it was Congress who tirelessly banged on the Intelligence Community to discover evil plots before they were executed. Heck, even after the Boston Marathon bombings one of the first questions asked was: "How could the intelligence community not figure out these men were planning something?"  One thing we now know is that it wasn't for a lack of trying on the part of the Intelligence Community.

There is an ultimate irony in all of this however.  For years our defense and intelligence leadership, including General Alexander of the NSA, bemoaned the fact that the private sector wasn't doing enough to secure itself from cyberattacks. Despite the (often well-deserved) tongue lashings, the private sector moved cautiously on security. The revelations about the NSA's alleged efforts to read Google and Yahoo's traffic has finally spurred those and other companies into action.  They are now rushing to encrypt their data and prevent anyone from breaking into their systems. And so that is the biggest irony of all—it wasn't an enemy cyberattack that pushed many companies to increase their cyber defenses, rather it was the overly zealous efforts of our nation's cyber warriors.

One can easily imagine a significantly reined in NSA in the near future, moving along with many pairs of Congressional eyes looking over its shoulder. While we may have made ourselves a little safer by recoiling at what the Intelligence Community has been up to, ultimately though we have to remind ourselves that the cyber genie is out of the bottle and there is no putting it back. Our enemies are empowered and we feel chastened.  At the end of the day we have to remember the enemy isn't us. There are many bad actors out there who can and will do us significant harm, and we need to focus our efforts on stopping them.

Brian Finch (@BrianEFinch, is a contributor.