The government’s on-again, off-again love affair with everything cyber is back on again. The CIA has just shifted its focus, abandoning its position as the free world’s foremost franchiser ofclandestine torture sites and rebranding as the agency of choice for all things cyberwar-related.
For years, legislators have been attempting to grant themselves permission to strong-arm tech companies into handing over all sorts of information to the government under the guise of cybersecurity. CISPA, CISA, etc. The acronyms come and go, but the focus is the same: information sharing.
Of course, the promise of equitable sharing remains pure bullshit. Tech companies know this and have been understandably resistant to the government’s advances. There are few, if any positives, to these proposed “agreements.” The government gets what it wants — lots and lots of data — and the companies get little more than red tape, additional restrictions and fleeing customers.
The government has recently been playing up the narrative that unreasonable tech companies are standing in the way of the nation’s super-secure future.
U.S. government officials say privately they are frustrated that Silicon Valley technology firms are not obtaining U.S. security clearances for enough of their top executives, according to interviews with officials and executives in Washington and California. Those clearances would allow the government to talk freely with executives in a timely manner about intelligence they receive, hopefully helping to thwart the spread of a hack, or other security issues.
The lack of cooperation from Silicon Valley, Washington officials complain, injects friction into a process that everyone agrees is central to the fight to protect critical U.S. cyberinfrastructure: Real-time threat information sharing between government and the private sector.
Before dealing with the questionable promise of “real-time threat information sharing,” let’s deal with the supposedly minor requirement of security clearances. It’s not as if this won’t impose undue burdens on tech company leaders, especially when they already have a pretty good idea this stipulation will be a major hassle followed by continued opacity from a government that’s 90% lip service and 10% outright lying. Tech execs are being asked to make all the effort and hope against hope there will actually be some benefits.
“I believe that this is more about the overclassification of information and the relatively low value that government cyberintel has for tech firms,” said one Silicon Valley executive. “Clearances are a pain to get, despite what government people think. Filling out the paper work … is a nightmare, and the investigation takes a ridiculous amount of time.”
“I think tech companies are doing a return-on-investment analysis and don’t think the government intel is worth the cost or effort,” said the Silicon Valley executive. “This is why government threat signature sharing initiatives are such a nothing-burger: The signatures are of limited value and only a few select companies with clearances can actually use them.”
The clearance process can easily take over a year. The application runs 127 pages and asks a mixture of questions ranging from highly-intrusive to facially-ridiculous.