In recent weeks, WikiLeaks has released a stash of Central Intelligence Agency tools designed to break into phones, computers and other devices — a windfall for hackers and a headache for the devices' makers. With U.S. data breaches at an all-time high, it's alarming that even the CIA is vulnerable: If only the government put as much effort into protecting computer systems as it does into hacking them.
Some 90 percent of government cyberspending goes toward offensive efforts, according to Rick Ledgett, the departing deputy director of the National Security Agency. Apparently, the idea is that the best defense is a good offense. That's reasonable in physical war, which is how the Pentagon seems to be positioning us. As one military official characterized it: "If you shut down our power grid, maybe we'll put a missile down one of your smokestacks."
But in cyberspace, most of the battle is figuring out who the enemy is and what to deter. Only last month did the Justice Department indict Russian agents for hacking Yahoo back in 2014. It took two years for Yahoo itself to realize it had been hacked. A retaliatory missile sort of loses its effect if three years have elapsed and half a billion people's data has already been hawked on the darknet.