One step forward, two steps back: The state of cyber security in Washington

Even as one senator speaks sense on connected cars, the president's latest cyber security agency won't likely leave hackers shaking in their boots

Heart attacks hurt. I know this because I had one after learning our government can have sane ideas about technology. My heart swelled three sizes, began beating like a snare drum, and tried to physically attach my lower intestinal tract to my brain stem. I jumped up, clutched my chest, and uttered what I thought were going to be my final pithy words, "Flergle glieman!”

Then I fell over the coffee table, and in a moment of entirely describable tragedy, spilled my scotch tumbler. I wouldn’t be writing this now had not my intrepid feline companion, Maginot, been so quick with my home defibrillator and had I not seen, out of the corner of one eye, another headline concerning our government’s grasp on tech. The latter brought me and my ailing ticker back to reality. I started breathing normally again, though Maginot zapped me anyway because he'd already set up the defibrillator and didn’t want to waste the effort.

What pulped my pump in the first place was Sen. Ed Markey’s (D-Ma.) report on the state of cyber safety for both your current car and the self-driving vehicle that Google wants to sell you after it passes a rigorous internal quality test lasting at least 11 minutes. Markey’s aides apparently:

  • Didn’t get a donation check from the automaker’s PACs this term
  • Saw one of the umpteen YouTube vids showing giggling gaggles of hackers taking control of “connected” cars from their mom’s basements, then performing various deeds of mischief

Score one for Sen. Markey

Markey’s minions then put one and one together and came up with two -- that is, the report in question, which points out we should be thinking carefully about our new cars’ connectivity before trusting our butts and baby seats to them. Sure, it’s an obvious point and one entirely behind the curve, but you have to admit it’s sane. Think before connecting at 80mph -- so simple, so true, and it came from a politician! Wow, my heart hurts. Hey, back off, Maginot!

The headline that saved my life is the one about Obama’s new, me-too, it’s-the-next-guy’s-problem cyber security agency. Voilà, the backhanded, ineffectual government technology policy we’ve come to know and depend upon. My heart feels good again. If you missed it -- and I don’t see how you could, with the president’s PR engine being what it is -- the White House “counterterrorism advisor,” Lisa Monaco, announced the new Cyber Threat Intelligence Integration Center (CTIIC), also known as the Worldwide Anti-mean-stuff Sloth and Tax Escalator (WASTE).

According to Monaco’s description, the White House has had enough -- enough, I tell you! -- of the endless stream of high-profile hacks that have been plaguing our wallets and interwebs lo these many years: Home Depot, Sony, Anthem, the list goes on and on. Before he stumbles dazedly out of the White House for the last time, President Obama is determined to leave a none too deep, politically strategic, and wonderfully worthless impression on the state of cyber security today. Enter the CTIIC.

An armada of cyber security agencies

Apparently, Monaco and our current POTUS are of the opinion that we already have too many agencies chasing hackers and seeking to bring them to justice (or at least offer them highly paid consulting gigs.) They cite the Department of Homeland Security, the FBI, the CIA, and the ever-fuzzy NSA among others. I’d like to take this opportunity to point out to Ms. Monaco and President Obama that they might’ve misread the agencies’ mission statements. Based on the current state of leaked government documentation, these organizations don’t chase hackers of illegally garnered data, they are hackers of illegally garnered data.

Be that as it may, the pointy heads of the administrative branch feel the answer to our cyber problems is this new organization billed as an information “aggregator and disseminator.” The CTIIC will gather up all the many reams of data generated each day about cyber threats the world over, organize them according to a 16,000-page manual undoubtedly stored in an Access database mirrored on a warehouse worth of unencrypted thumb drives to be left in overpriced rental Town Cars all over the DC area, then distribute that information to frontline cyber warriors working for the various investigative and cyber defensive branches of government, as well as select private sector security firms. Said distribution will happen like greased lightning in accordance with a typical, government-spawned 1,847-branch hierarchical decision tree written in Navajo and authored by a White House intern majoring in experimental anthropology at UConn.

This courageous policy will ensure that buckets, barrels -- nay, Dumpsters' worth of cyber threat analysis, branded with the confidence-inspiring logo of the White House, will reach war-scorched desks one month, or at most three, after it’s in any way useful. In case you’re worried about money, don’t be. Allegedly, the CTIIC will be funded with a whopping $35 million from the 2016 budget or almost double the funding Yo will get in its next VC round and enough to rent DC loft space through next fall … maybe.

Thank you President Obama. You can now say that in your last 10 seconds of office you took concrete, press-conference worthy action to help the state of cyber security without being responsible for any tangible results whatsoever, and at the cost of mere millions to those few of us poor enough to still pay taxes. Brilliant, we are now completely safe. Time to wire the cat.