The state of American cybersecurity is often criticized by experts as inefficient and lacking. An incident from back in 2008 shows how the people in charge of the country’s cybersecurity can mess up in ways that border on stupidity. The story was recently exposed by the Washington Post, and goes like this: A terrorist-tracking forum, created by the CIA and Saudi government, was shut down by the National Security Agency. The message board was started by the CIA and Saudi government as a “honey pot” for gathering intelligence on extremist activities in the area. By all accounts, the strategy was working—the website saw significant terrorist traffic and provided a wealth of intelligence to both nations.
But according to the National Security Agency the site was a little too well-trafficked, and in 2008 it determined that the site was being used by terrorists to facilitate attacks against American forces in Iraq. A task force of officials convened and, despite the CIA’s objections and one official’s claim that the the NSA had no authority to do so, the plan to shut down the site went forward.
Taking down sites is tricky business, and along with the forum the Pentagon unit that was carrying out the operation accidentally took out 300 servers in Saudi Arabia, Germany and Texas. The Germans, as well as the Saudi officials who had lost a valuable intelligence resource, were not pleased with the disruption.
Cyberspace is a new, complex front that officials are still figuring out to defend. If the CIA’s website was in fact contributing to the death of American soldiers, then it makes sense that it was dismantled. But, as one researcher noted, “you can’t really shut down this process for more than 24 or 48 hours”—on the internet, where there’s a will there’s a way—and the CIA maintains that the NSA only managed to drive the terrorist activity into the shadows of the net, where it can’t be as easily monitored.
Cybersecurity will only become more important going forward, so it’s good that we’re working out these kinks now. The internet is fundamentally a different kind of battlefield and securing it is a daunting task. But I’d imagine a good first step, for government agencies, would be getting on the same page.
