Snowden on Cyberwar: America Is Its Own Worst Enemy

A hand is silhouetted in front of a computer screen. Pawel Kopczynski/Reuters

After a year punctuated by hacks and data breaches, most notably a cyberattack against Sony, President Barack Obama used part of his State of the Union address on Tuesday to mention the growing threat to cybersecurity. "No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets or invade the privacy of American families, especially our kids," he said.

The president's speech came a week after the White House outlined a cybersecurity policy proposal that calls for more information sharing between the private sector and government, an increase in penalties for hacking and an update in the standards for when companies have to report that their customers' data has been compromised.

Yet in a recent interview on PBS's Nova, Edward Snowden, the former National Security Agency (NSA) contractor who leaked a large number of classified documents about government surveillance, argued that one of the biggest threats to American cybersecurity may actually be ourselves.

"When the lights go out at a power plant sometime in the future," Snowden said, "we're going to know that that's a consequence of deprioritizing defense for the sake of an advantage in terms of offense."

In the interview, Snowden argued that Stuxnet, a digital virus that the U.S. and Israel allegedly used to attack Iran's nuclear program in 2007, was a tipping point in the history of cyberconflict and led to a proliferation of attacks. "I think the public still isn't aware of the frequency with which these cyberattacks, as they're being called in the press, are being used by governments around the world," he said. "We really started this trend in many ways."

It's impossible to know how many cyberattacks have been carried out by or against the U.S. But the numbers appear to be rising. In 2013, U.S. military and federal government computers were invaded 46,605 times, up from 26,942 in 2009, according to the U.S. Computer Emergency Readiness Team, which is part of the Department of Homeland Security.

Underscoring Snowden's point: Der Spiegel released a trove of documents earlier this week, which revealed that the NSA broke into North Korea's computer network in 2010, out of fear of the country's growing cybercapabilities. That's why the FBI was quick to accuse North Korea of carrying out the Sony hack, which eventually led to the leak of sensitive internal documents and partially canceled the release of The Interview.

When "we start engaging in these kind of behaviors," Snowden said, "we're setting a standard. We're creating a new international norm of behavior that says this is what nations do."

Scott Shackelford, an assistant professor of business, law and ethics at Indiana University, says that Snowden "has a point," and that Stuxnet, because of its sophistication, did set a precedent. But he stressed that the U.S. didn't invent cyberattacks. "States," he said, "have been doing this for a while."

Part of the problem the U.S. faces when it comes to cybersecurity, Snowden says, is that the U.S.—and the NSA in particular—has focused too much attention, money and resources on offensive capabilities. While the U.S. Army, Navy, Marines and Air Force already have their own cyberforces, the NSA alone has nearly 40,000 employees who are responsible for spying and network attacks.

Another problem: The U.S. wants to create backdoors into communication services, such as smartphone operating systems. The president says this is necessary for counterterrorism surveillance purposes, but Snowden believes it leaves the U.S. open to cyberattacks.

"That's making us more vulnerable not just to the snooping of our domestic agencies but also foreign agencies," the former NSA contractor said. "The reality is, when you make those systems vulnerable so that you can spy on other countries and you share the same standards that those countries have for their systems, you're also making your own country more vulnerable to the same attacks."

The result, Snowden predicted, is that when hackers begin to target the U.S. economy, the country won't be prepared. "The next time the lights go off in a hospital, it's going to be in America, not overseas," he warned.

Shackelford agrees that the threat is real. But he cautioned that offensive capabilities are still a critical part of defense. "There does have to be a balancing act that clearly we haven't been the best always at," he said. "I think there is an element of shooting ourselves in the foot here, but at the same time you can't discount the benefits and security that we gain through this intelligence gathering."

In calling for new legislation, Obama has given renewed attention to cybersecurity and how the government can reduce the severity of the threat. Snowden may not agree with the White House's plan, but he does seem to agree with the president on one thing: When it comes to cybersecurity, the U.S. has an awful lot at stake. As Snowden put it: "We have more to lose than any other nation on earth."