Pace Asks "Are We Beyond Ready to be Ready?"

COLORADO SPRINGS, Colo. (Apr. 12, 2011) — Speaking today at the Space Foundation’s Cyber 1.1 event, Gen. Peter Pace, USMC (Retired), asked the question: “Are We Beyond Ready to be Ready?”

According to Pace, in comparison with the U.S. predominance in kinetic forms of warfare, the U.S. possesses no particularly strong edge compared to other nations around the world. “Our national vulnerability in both the private and public sector is deep, from banking and stock markets on the one hand to the F-22 and Blue Force Tracker on the other,” he said. “The basic problem is that each time we create a new, more effective and more efficient system, we rely more and more heavily on computers and data, and are therefore increasingly vulnerable to cyber threats.”

Pace said the emergence of threats and conflict in the cyber domain will change the relationship between have- and have-not states as profoundly as the development of nuclear weapons once did. He said most state level actions have, so far, been deterred or self-deterred, but that within 10 years, other actors, such as state-condoned players, will develop a significant capability, the likes of which are only available to national actors today. An example he cited was North Korea’s 2009 rental of a bot net with some 200-300 million computers to swamp South Korean and some U.S. servers. “Generally,” he said. “Evidence to date suggests that smaller actors who develop a capability to conduct more significant and damaging attacks almost invariably chose to use that capability.”

In addressing this threat, Pace said the U.S. must note that there are a limited number of brilliant minds in any country. Therefore, he suggested avoiding diluting this capacity through needless repetition of efforts, such as creating a domestic NSA. “We may find it quite necessary to be able to repurpose exceptional talent in new ways, such as the application of military cybersecurity capabilities to domestic issues, even if that necessitates changes in the ways we think about the use of military capacity in a routine, domestic context,” he said. “In focusing our national efforts to tackle both private and public sector risks, policy tools can be used to prompt the private sector to improve its capabilities and to require companies to implement more robust basic security measures.”

On a strategic level, Pace said the national decision-making process cannot move with sufficient agility to effectively respond to cyber threats. “One thing that will be critical here, and in private companies, is the development of better forensic tools to detect when an unauthorized change has been made, and allow us to roll back our data to ‘clean’ status,” he said, “From there, we can start to act more proactively in preventing threats, and eventually develop the tools for effective attribution of cyber attacks, which is critical to developing our responses and defenses to cyber attacks.”

In closing, Pace returned to the question of whether or not we are beyond “Ready to be Ready”, and noted that we are very late indeed. “While we are quite capable in carrying out cyber attacks, we remain hugely vulnerable.”

Pace is president & chief executive officer, SM&A Strategic Advisors, and former chairman of the Joint Chiefs of Staff.