The terrorist threat against the U.S. remains dangerous 10 years after the 9/11 Commission issued its first report—only now the risk is greater online.
In a report issued Tuesday, panel members who studied the 2001 attacks urged Congress to enact cybersecurity legislation, the White House to communicate the consequences of potential cyber attacks to Americans, and leaders to work with allies to define what constitutes an online attack on another country.
“Nobody even mentioned cybersecurity in our deliberations” a decade ago, said former New Jersey Governor Thomas Kean, who led the panel.
“Now it’s a problem every single person we interviewed said should be right up front,” Kean said at an event in Washington Tuesday. They said that “we weren’t dealing with it properly.”
The panel said U.S. readiness against hackers is poor, quoting one unnamed former U.S. agency official who said, “We are at September 10 levels in terms of cyber preparedness.” The U.S. is writing cybersecurity policies to prevent electronic attacks, spurring calls by privacy groups for tougher safeguards and lobbying by companies seeking exemptions.
“The struggle against terrorism is far from over—rather, it has entered a new and dangerous phase,” according to the report, sponsored by the Bipartisan Policy Center and the Annenberg Public Policy Center.
The U.S. faces “a perfect storm,” Director of National Intelligence James Clapper said at the event. Threats to U.S. national security have increased while “intelligence collection and sharing have become more difficult,” Clapper said.
The report defends U.S. National Security Agency operations to collect and analyze data about hacking and terrorist threats. The NSA has confronted a domestic and international backlash over the extent of its digital spying exposed in documents leaked by former agency contractor Edward Snowden.
The leaks from Snowden have caused the U.S. to lose intelligence sources, Clapper said.
However, the government is developing an integrated information technology system for storing and sharing classified intelligence, which will reduce reliance on contractors, Clapper said. He didn’t provide more details.
“The bumper sticker is ‘tag the data, tag the people,'” he said. “We can audit the data, and we can audit with whom we are sharing that data.”
The spying revelations appear to have “seriously affected recruiting efforts” to lure young, talented workers to government service, according to the report.
“NSA applications reportedly fell by one-third in the wake of these disclosures, and the NSA was apparently disinvited from conferences at which it had recruited in the past,” according to the report.
Congress should pass legislation giving companies legal protection for sharing information about threats to their computer networks with the government and each other, the report said.
Such legislation has passed the House and is advancing in the Senate. It’s opposed by some privacy groups that argue it lacks safeguards to prevent violations of U.S. citizens’ rights.
“The Internet’s vulnerabilities are outpacing the nation’s ability to secure it,” according to the report. “A growing chorus of senior national security officials describes the cyber domain as the battlefield of the future.”
The report says al-Qaeda still poses a threat with new “breeding grounds” for attacks in Iraq and Syria.
The commission set up after the Sept. 11 attacks completed its work in 2004, after submitting its report and recommendations to then President George W. Bush.
The former commissioners point fingers at Congress for being resistant to reduce the 92 committees and subcommittees that have oversight of the Department of Homeland Security, which impedes the department’s work. They also said Congress has similarly left the intelligence budget fragmented. The panel says the administration of President Barack Obama has similarly failed to communicate to citizens the threat from hackers, according to the report.
“The American people remain largely unaware of the daily onslaught of cyber attacks against our nation’s most sensitive and economically important electronic networks,” the group said. “Unfortunately, cyber readiness lags far behind this rapidly growing threat.”