The Trump administration is finally giving the promised attention to the issue of cybersecurity and has decided to elevate the US Cyber Command to a Unified Combatant Command.
The move signals the US President is finally giving cyber warfare the needed attention. This is actually something that’s been in the works since Obama was in office, but it has only now reached the high point.
So what does this mean? Well, it means that the Cyber Command gets the same rank as nine other combat commands.
According to the statement issued by the Trump Administration, James Mattis, Secretary of Defense, will even examine the possibility of separating the Cyber Command from the National Security Agency, although his recommendations are to be announced at a later date.
“This new Unified Combatant Command will strengthen our cyberspace operations and create more opportunities to improve our Nation’s defense. The elevation of United States Cyber Command demonstrates our increased resolve against cyberspace threats and will help reassure our allies and partners and deter our adversaries,” Trump said in the statement.
It is expected that the move will streamline command and control of time-sensitive cyberspace operations. It will also help to ensure that any critical cyberspace operations receive proper funding without the requests being lost in a mountain of bureaucracy.
As mentioned, the idea for the independent Cyber Command came when Obama was still in office with valid arguments being brought forth by the supporters, more specifically, that the unit’s mandate is sometimes at odds with the NSA’s operations.
Currently, the Cyber Command is led by Michael Rogers, NSA chief.
The decision is seen as a good one, particularly due to the sensitive situation between the world’s greatest powers, the incidents involving Russian govt-backed hackers and so on. It should also be mentioned the attacks Ukraine has been under in the past couple of years and how many times state-backed actors have been found guilty of various cyber attacks.
Elevating the US’ capabilities to fight against cyber attacks is a welcomed step.
It may never be enough
The thing is that while this whole situation may sound good (and it is, without a doubt, so), the government will likely never be able to do enough to protect its citizens from cyber attacks. When you’re afraid of someone you call the cops, when you’re sick you call the doctors, when your house is on fire you call the firemen. But who do you call when you’re under cyber attack? Well, that’s the thing, there’s no one you can call.
The government promises it can protect you to some extent, but it can never take on this job fully. Michael Hayden, former Director of the NSA and CIA, said during a conference last year that governments will never be able to fully protect its citizens against cyber attacks. That’s because the government, as an institution, is slow and it will never compare to the speed with which tech people move, whether we’re talking black hats or white hats.
There are, of course, other issues brought forth by Edward Snowden’s leaks on the NSA, which exposed mass surveillance operations that supposedly had the purpose of “protecting” citizens while spying on them.
Cybersecurity experts agree with Hayden on this issue. Arthur Keleti, cybersecurity expert and author of “The Imperfect Secret,” said that the monitoring, protection and, through that, the security of cyberspace, require a fundamentally differnet approach from governments, private companies and sociey.
“The nature of this domain is significantly different to our physical dimensions for what people and governments have set their speed of reaction, immune system, or awareness for. The realization of this paradigm shift should make governments move cybersecurity way up the priority ladder,” Keleti said. “Hopefully, this will result in providing people with the right level of protection in the cyber domain too. Although the direction is looking good, and the goal is set, I believe we are still lightyears away from reaching it. At this moment, the competency of protection is in the hands of private companies, DIY people, and the governments, good or not – in this order.”
He concluded with the prediction that we will not reach fully comprehensive protection for citizens in cyberspace in the next ten years.