Commander-in-Geek Becomes Your CIO?


Yesterday I wrote about how the Pentagon is totally not militarizing the Internet by creating a new Air Force entity with a broad, unclear mandate to "dominate" cyberspace.

Today, the inevitable occurs, with Pentagon officials hinting that it might be a good idea for "private businesses that operate critical utilities and financial services" to become part of the U.S. government security system:

Businesses that opt not the participate could "stay in the wild, wild west of the unprotected Internet," [William J. Lynn III, the deputy defense secretary] told a small group of reporters during a cybersecurity conference.

And in the case of Einstein 2—an automated system that monitors federal Internet and e-mail traffic for malicious activity—companies already may have equal or superior protections on their networks.

"Einstein 2 is like a 1999 Mustang with a little rust," said James Lewis, a cybersecurity expert and senior fellow at the Washington-based Center for Strategic and International Studies. "For some companies it isn't a big deal. But for others who haven't done much (to secure their networks) it would be a good idea."

In other words, most companies are already doing better on their own than the product the government is offering but that doesn't mean the government won't strenuously suggest that the Pentagon might be a good place for your Chief Information Officer to hang out. To their credit, officials are looking to buy superior products rather than build their own, pre-rusted versions:

In other comments Wednesday, Lynn said the Pentagon is setting up a task force to find ways the massive agency can buy information technology programs and equipment more quickly. He said that while it takes the Defense Department as much as 81 months to fund and develop a new program, it only took Apple 24 months to develop the iPhone.

Why does this matter?: Being part of civilized Internet society in the U.S. could soon mean buying in to a non-customized package of cobbled together, slightly out-of-date (as they will inevitably be), privacy-reducing commercial security products with a government stamp on them.

Via the excellent Shane Harris. Harris spoke with me about his book on the rise of the surveillance state, The Watchers, on video here.