The Administration released its National Security Strategy last week and it has been criticized as lacking important cybersecurity details. I have long said that this weakness leaves us vulnerable to threats emanating around the world, and it is something that our government must address. 

I recently joined with Dr. Larry Wortzel, commissioner and former chairman of the U.S.-China Economic and Security Review Commission, in writing an op-ed to discuss this very issue of bolstering our cyber defenses to make a comprehensive push against global threats. The op-ed ran in Defense News this week.  

Bolster U.S. Cyber Defenses

By LARRY WORTZEL and RANDY FORBES
Defense News 

Published: 31 May 2010 

With the recent confirmation of Army Gen. Keith Alexander as commander of U.S. Cyber Command, America now faces the daunting task of coordinating its military efforts to protect against and respond to cyberattacks. In February, former Director of National Intelligence Mike McConnell warned that "the United States is fighting a cyberwar, and we are losing." 

To effectively face this challenge, we must identify the attackers and develop responses in terms of policy, legislation and military preparedness. 

During the first half of 2009, there were reported at least 43,785 incidents of malicious cyber activity directed against the U.S. Department of Defense. These incursions came from a variety of sources, ranging from criminal hackers to foreign governments, and remediation alone cost the Defense Department more than $100 million. That figure does not account for the significant cost of data lost to cyber espionage. 

The most egregious actions - and potentially the most dangerous to U.S. security - have come out of China. Chinese military thinkers believe the United States is far more vulnerable to cyberwar than Beijing, arguing that because U.S. forces rely heavily on computers, satellites and space sensors; operate over vast distances; and depend on supply networks and force projection designed to get supplies and parts where they are needed "just on time," they can be seriously weakened by computer network attacks. 

Efforts by the Chinese People's Liberation Army (PLA) to develop its cyberwarfare capabilities began by examining and replicating U.S. computer network operations in the two wars in Iraq and operations in the Balkans. Today, however, China's military is actively developing an indigenous doctrine adapted to the needs of its forces. 

We know from the cyberattacks on Google and users of its Internet services that some computer exploitations by the Chinese government are attempts to strengthen domestic control over the population and suppress human rights activists. In other cases, Chinese use cyber spying to complement traditional espionage, as has been the case with gathering information related to combat aircraft such as the B-1 and B-2 bombers, naval propulsion and electronics systems, a U.S. space shuttle and perhaps the F-35 Lightning II fighter. 

The most serious threat the United States faces from China's cyberwar efforts is the attempt to impede the flow of U.S. forces and supplies to a crisis area. According to Marine Corps Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, some of the computer penetrations of the Department of Defense were a reconnaissance effort to map out U.S. government networks in order to cripple America's military command-and-control systems in the event of a future attack.  

Indeed, some of the more sophisticated military analyses from China's armed forces propose to enhance the ability to attack an adversary's satellite communications and sensor systems, critical transportation and energy infrastructure, ports of air and sea embarkation, and military command systems. 

China is not the only cyber threat faced by American military forces, but it has the fastest-growing and most active approach to cyberwarfare. And while the political climate across the Taiwan Strait has improved recently, Beijing continues to threaten the use of force and has developed military strategies to counter any U.S. effort to employ forces to maintain peace in the case of China-Taiwan conflict. 

There are other potential flashpoints that drive Beijing to develop offensive cyber capabilities, as well, such as the disagreement over freedom of navigation in the Pacific outside China's territorial waters. 

From a policy standpoint, the United States must clarify how it views a cyberattack and explain that it reserves the right to respond by force.  

Furthermore, with the recent confirmation of Alexander, we must stand up U.S. Cyber Command and ensure that its service components have the manpower and equipment to wage effective cyber defenses and, if necessary, undertake offensive operations. We also should be working with Australia, Japan, NATO and South Korea to address cyber penetrations. 

We also must know the origin of the software and hardware in our computer systems and our satellites. It doesn't make much sense to have a computer system built with chips and run on software created in the country that is the most active cyber espionage adversary we face.  

Defense Department supply chains for computer systems and electronic components must come from trusted foundries and use trusted software. Our satellites should be remotely reprogrammable in the event of a cyberattack. 

With a concerted effort by the executive branch, Congress, our defense establishment, industry and allies, we can harden ourselves to cyberattack and ensure that our adversaries know they cannot act with impunity.  

--- 

Larry Wortzel is a commissioner and former chairman of the U.S.-China Economic and Security Review Commission. U.S. Rep. Randy Forbes, R-Va., is a member of the House Armed Services Committee, and founder and co-chairman of the Congressional China Caucus.