Cyber Scene #70 - Fueling Cyber: Capitol, Capital
Cyber Scene #70 -
Fueling Cyber: Capitol, Capital
As we inch across a summer toward, one hopes, a period of lower gas prices, Capitol Hill is blasting through hundreds (433 counted by the Senate) of amendments to the National Defense Appropriations Act 2023 (NDAA 2023), to be implemented by the beginning of the next fiscal year on 1 October 2022. This is a seminal exemplar of bipartisanship, despite some amendments that are less so. Senator Jack Reed (D-RI) who chairs the Senate Armed Services Committee (SASC) delivered a bipartisan approval committee vote of 23-3 announced in late June. Senator Reed announced: "It strengthens our offensive and defensive cyber capabilities and accelerates research and development of advanced technologies like hypersonics and artificial intelligence that will give our forces critical advantages." The bill then moved to the Senate for a full vote. A two-page description of funding for cybersecurity is included in this summary. A fine-tuned description and accompanying dollar allocation is elusive, as many of the itemized allocations are identified as "an increase of X dollars from NDAA 2022." The details of the initiatives are often not for public discussion, but the Senate bottom line for NDAA 2023 is now at $817.3 billion.
Likewise, the House of Representatives is marching through the same terrain. Majority Leader of the House Steny Hoyer (D-MD) announced on 14 July that the House of Representatives was concluding review of the House's large quantity of amendments. On 17 July the House passed its version of NDAA 2023 329-101, for $840 billion reflecting a 7% increase over 2022. It also includes hundreds of amendments.
Yet, both halves of Capitol Hill will need to speak the same language with the same funding before 1 Oct. Despite the general compliance with White House voices, one of many "road bumps" will likely be "…specific restrictions in the bill (that) could complicate future US arms sales and transfers to various US allies and security partners, including Turkey, Saudi Arabia and Egypt," per Defense News above. The fact that there is underlying concurrence within Capitol Hill, and between Capitol Hill and the White House, on NDAA issues is remarkable. But the President was asking for $733.2 billion. And when inflation and even recession threaten, and funding for issues such as Ukraine’s war are new to the process, "bean counting" will, well, count.
As for the substance, it so happens that President Biden has just engaged a large swath of Middle East countries as well as recent NATO negotiations with Turkey. This will require more deliberations across the two branches of US Government, once Capitol Hill can speak with one voice.
As reported on 16 July by the New York Times (NYT) David E. Sanger and Peter Baker, the importance of Gulf alliances, to include Egypt and Saudi Arabia, are part of a greater strategy. Biden's difficult visit to Saudi Arabia, given recent divisions between the countries, seems to exemplify the late Reverend Desmond Tutu's dictum: "If you want peace, you do not talk to your friends. You talk to your enemies." As for Sanger's and Baker's view, they believe that Biden's intent was part of a much greater strategic plan. "Mr. Biden is driven by a new concern: That his forced dance with dictators, while distasteful, is the only choice if his larger goal is to contain Russia and outmaneuver China."
But Saudi gas instead of Russian gas is only part of the equation: "Perhaps the most notable of Mr. Biden's flurry of announcements with the Saudis was an agreement signed Friday night (12 July) to cooperate on a new technology to build next generation 5G and 6G telecommunications networks in the country." Sanger and Baker underscore the fact that this pushes back the Chinese, who have not been truly challenged in competition to date. Biden believes that freedom and innovation "go hand in hand."
How does this track with cyber advances? Anne Neuberger, Deputy National Security Adviser for Cyber and Emerging Technologies, is quoted in this article as understanding the advantages: "Quickly build up a prototype here in Saudi Arabia, prove that it works at scale, and become a model for the region…a pragmatic, reality-based project."
As to whether this direction is driven by oil issues, the journalists cite Kori Schake, Director of Foreign and Defense Studies at the American Enterprise Institute, a think tank, who states that in addition to other Chinese and Russian issues, "…it's also the result of Biden administration policy setting up the China challenge as democracy vs autocracy which puts Saudi on the Chinese side of the ledger."
An even deeper analysis of this Middle East coalition, to include Israel, is presented by The Atlantic's Daniel B. Shapiro's 12 July report on Biden's new coalition approach. While it does not address cyber specifically, it does discuss the benefit of normalization agreements (the Abraham Accords) including Israel and secondly, the inclusion of Israel in the US Central Command (CENTCOM) which contributes to more open dialogues to include security issues, which leads us to cybersecurity. The US, however, would not necessarily take the lead on all these issues, as, "beyond the security sphere, they (these Middle East countries including Israel) are positioned to work together to seize opportunities in technology, trade agriculture, water and food security." Shapiro projects that "A US presence calibrated to play this role is far more likely to sustain ongoing bipartisan support, enabling the United States to protect its interests and meet its commitments." And thus, we are back to where we started: the need for bipartisan agreement to advance cybersecurity, inter alia.
While all the above may sound promising, consider the other side.
The Washington Post's Joseph Marks sees a more challenging cybersecurity future. In "Cybersecurity's bad and it's getting worse," Marks analyzes the last 8 years on his cybersecurity beat where cyber was a "shadowy topic." It evolved due to the Target credit card breach which leading to significant resonance with a broad swath of US shoppers. He outlines how year by year, "…cyber insecurity became a more fundamental and important aspect of US policy, politics and daily life." He is quite critical of the shortcomings of the US government and other large institutions which have not reined in the perpetrators for a variety of reasons, and projects that with the rise in technology, the future for cybersecurity is looking down, not up.
The Wall Street Journal's James Rundle and Vipal Monga would agree. In "Cyber Funding, Plentiful for Years, Faces a Reckoning" they explore the impact of the financial downturn the marketplace and the populace at large are facing. They opine that venture capital, from which cybersecurity companies benefited in recent years to fight against hacking and for tech startups to counter such cyberattacks, is now fearful of a "…recession and disruption in the wider technology market" which are starting to reduce investments in cyber. The other side of the equation, however, is that the US government needs private sector support as well, and that cybersecurity growth is in large part related to the current threat environment. Most do not expect that to end anytime soon.
Inside the US government, in addition to the cyber experts exerting influence in moving to more "forward" postures, other adjustments are well underway. The US Army is shifting some of its military manpower away from counterinsurgency commitments to doubling the strength of its active duty cyber corps,ccording to Colin Demarest writing for C4isrnet. Adding the National Guard and reservists, the total will rise from 8,000 to 13,000 by 2030.
From across the pond, the Economist on 2 July discusses "Venture capital: The reckoning" and the current state of investments in the tech world. The bottom line "cheerful" note is that venture capital losses are not as bad as the 2000-2001 dotcom disaster. The article maintains that 67 of 70 top mostly tech world start-ups can survive until 2025. It goes on to note:
"Now the war in Ukraine, China's purging of its tech industry and rising interest rates mean capitalism’s moon-shot machine is earthbound. Public markets were the first to be hit. The Nasdaq index, which is weighted towards technology companies, has fallen by nearly 30% so far this year in a gruesome reckoning."
Readers here might assess this bull-to-bear fall as a long-term hibernation, but the Economist attempts to conclude on a high note. It addresses the fact that European and Asian venture capitalists are more self-sustaining and not as dependent on "flighty" American capital but rather have "…enduring links to local financial firms and entrepreneurs." And they are there for the long run. The article continues, noting that "…the opportunity for innovation remains vast."
The NYT's "The Morning" by David Leonhardt July 14 focuses on "the semiconductor problem"—the problem being that the US doesn't make any semiconductors. He notes that 90% of the most advanced ones—used for smartphones, military technology (for those new Army cyber corps folk, for example)—are made in Taiwan. The US does not make any. An attempt to get a bill passed last summer to jump-start domestic production passed in the House in February 2022, but the Senate's bill is stuck, and the two entities that have, as noted at the beginning of this Cyber Scene, worked together in a bipartisan manner regarding the NDAA 2023, have not come to an agreement on this bill. Leonhardt notes that there is a broad consensus of proponents including President Biden, most Democrats in Congress, and a "meaningful number" of Republicans. On Monday, 25 July President Biden met virtually with the CEOs of Lockheed Martin, Medtronic PLC and Cummins Inc., as well as labor leaders, and said the bill, which would provide $52 billion in subsidies to domestic semiconductor manufacturers, was very important to national and economic security. The article continues to suggest ways that this could be addressed before the August recess of Congress.