Commentary Magazine


Contentions

Can the Pentagon Cope With Malicious Software?

Now we are really in trouble. Here’s a report from a Defense Science Board Task Force on the dangers of foreign-produced software now being used by the Department of Defense. Its central conclusion is that

Each year the Department of Defense depends more on software for its administration and for the planning and execution of its missions. This growing dependency is a source of weakness exacerbated by the mounting size, complexity, and interconnectedness of its software programs. It is only a matter of time before an adversary exploits this weakness at a critical moment in history.

The software industry has become increasingly and irrevocably global. Much of the code is now written outside the United States, some in countries that many have interests inimical to those of the United States. The combination of DoD’s profound and growing dependence upon software and the expanding opportunity for adversaries to introduce malicious code into this software has led to a growing risk to the nation’s defense.

Is this a real danger?

The study itself is filled with a wealth of fascinating details about the vulnerability of critical defense computer applications to nefarious software producers. And evidently there are no easy tools for detecting deliberately planted bugs.

We thus face the danger that when, say, an American President decides to launch a nuclear strike against, say, China in response to an attack, say, by China on Taiwan, he will press the button and, thanks to malicious software, not a rocket will go off, even if he presses the button again and again.

But before we hit the panic button, let’s ask some obvious questions. How come hackers and producers of malicious code have not yet enriched themselves by raiding the major investment houses of the West? If our adversaries are as good as we are saying they are at exploiting vulnerabilities in our technology, why are their brilliant programmers not going off on freelance missions to tap in, say, to the electronic systems of a Goldman Sachs and transferring its assets to themselves?

The major investment banks from Lehman Brothers to Deutsche Bank are all enterprises that span the globe. We never read headlines about billions disappearing from their coffers at the stroke of a hacker’s key. If the investment banks can protect themselves, and if the Federal Reserve Bank can also protect itself, why can’t the Defense Department follow suit?

I don’t have an answer to this question, but if you do, please help me connect the dots.



Join the discussion…

Are you a subscriber? Log in to comment »

Not a subscriber? Join the discussion today, subscribe to Commentary »





Welcome to Commentary Magazine.
We hope you enjoy your visit.
As a visitor to our site, you are allowed 8 free articles this month.
This is your first of 8 free articles.

If you are already a digital subscriber, log in here »

Print subscriber? For free access to the website and iPad, register here »

To subscribe, click here to see our subscription offers »

Please note this is an advertisement skip this ad
Clearly, you have a passion for ideas.
Subscribe today for unlimited digital access to the publication that shapes the minds of the people who shape our world.
Get for just
YOU HAVE READ OF 8 FREE ARTICLES THIS MONTH.
FOR JUST
YOU HAVE READ OF 8 FREE ARTICLES THIS MONTH.
FOR JUST
Welcome to Commentary Magazine.
We hope you enjoy your visit.
As a visitor, you are allowed 8 free articles.
This is your first article.
You have read of 8 free articles this month.
YOU HAVE READ 8 OF 8
FREE ARTICLES THIS MONTH.
for full access to
CommentaryMagazine.com
INCLUDES FULL ACCESS TO:
Digital subscriber?
Print subscriber? Get free access »
Call to subscribe: 1-800-829-6270
You can also subscribe
on your computer at
CommentaryMagazine.com.
LOG IN WITH YOUR
COMMENTARY MAGAZINE ID
Don't have a CommentaryMagazine.com log in?
CREATE A COMMENTARY
LOG IN ID
Enter you email address and password below. A confirmation email will be sent to the email address that you provide.