September was a busy month for cyber attackers. On September 30, Washington Free Beacon editor Bill Gertz reported—and on October 1st. the White House confirmed—that hackers had broken into a network used by the White House Military Office (the system that includes the “nuclear football,” the president’s nuclear-weapons launch codes). Then, on October 1, Bank of America, JP Morgan Chase, and Wells Fargo all reported having been “pummeled with Distributed Denial of Service (DDoS) attacks.” The White House attacks are widely believed to have originated in China, the bank attacks in Iran.
American nukes and the U.S. economy in the digital crosshairs—a busy month indeed, yet not necessarily busier than any other month. Our digital infrastructure and data are under continual assault by foreign powers, by freelance criminals, and by agents of corporate espionage, among others. It is a grim reality that makes the recent comments of Michael Hayden—former CIA and NSA director, now a principal at the Chertoff Group—to Bloomberg Television’s Peter Cook seem about as appropriate as responding to the lookout’s cry of “Iceberg dead ahead!” with an order to arrange the deckchairs in neater rows.
General Hayden suggested that if President Obama attempts to fast-track the bolstering of U.S. cyber defenses with an executive order instead of waiting for Congress to agree (difficult to get that phrase out without a chortle) on comprehensive legislation, he would be confessing to an absence of broad support for cybersecurity efforts. “We as citizens have not yet determined, in broad terms, what it is that we want the government to do in the cyber domain to defend us or what we will allow the government to do in the cyber domain,” Hayden told Cook.
Actually, I don’t disagree with the general.
Yes, issuing an executive order does admit a dearth of Congressional will and consensus as well as an absence of public clamor. And, yes, not only have American citizens not decided—in “broad terms” or any other terms—what they want the government to do to protect them from cyber attacks, they haven’t a clue. That is the point. Why should they?
The experts, the tacticians, the strategists, the commanders, the policy makers are not out on the street but in the government, employed by the government, or in consultation with the government—you know, that institution with a constitutional duty to “provide for the common defense” and “promote the general welfare.” The legislative, judicial, and executive constituents of our republican government are not tasked with reflexively acting upon the determinations of the people, but with shaping and guiding those determinations. In short, they are supposed to be leaders, and at no time is strong leadership more critically important than when the people are under attack.
Yet the fact is that, even if Congress possessed the non-partisan wisdom and will to act comprehensively in the face of the ongoing assault, events would still outpace the legislative process. As for the judiciary, it cannot act in the absence of legislative or executive action.
So, that puts the leadership burden on the president and his prerogative of the executive order.
Is this prerogative imperfect? Yes. Will an executive order be truly comprehensive? Almost certainly not. But, as a retired U.S. Air Force general, Michael Hayden might ponder the wisdom of one of the U.S. Army’s most celebrated and successful four stars. “The best is the enemy of the good,” George S. Patton Jr. wrote. “By this I mean that a good plan violently executed now is better than a perfect plan next week.”
In a crisis of combat—and if this past month has revealed anything about the state of cyberspace, it has revealed it as an active field of battle—Patton called for acting with “self-confidence, speed, and audacity. None of these things can ever be perfect,” he conceded, “but they can be good.” So issue the order, Mr. President. General Hayden, there will be plenty of time to arrange the deckchairs later.