Cyber Strategies for a World at War

OPEN SOURCE AGGREGATION & ANALYSIS

The Highlighter: Securing Cyberspace for the 44th Presidency – Part I

A Report of the CSIS Commission on Cybersecurity for the 44th Presidency

Part I includes highlights of the:

  • Executive Summary
  • Summary of Recommendations
  • Introduction

————————————————————————————————–
CSWW is not affiliated with CSIS or the commission that produced this report. The use of “we,” “our,” “us,” etc., throughout the highlights of this report refers to the members of the CSIS Commission and not to CSWW.
————————————————————————————————–

The Highlights:

This report makes use of a broad definition of cyberspace that goes beyond the Internet to include all forms of networked, digital activities.

Executive Summary

(1) cybersecurity is now a major national security problem
(2) decisions and actions must respect privacy and civil liberties
(3) only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will make us more secure

We were encouraged in our work by senior officials in the Department of Defense, the intelligence community, and other agencies who told us that cybersecurity was one of the greatest security challenges the United States faces in a new and more competitive international environment.

Major agencies play key roles set by presidential directives and coordinated by the White House.

We propose creating a new office for cyberspace in the Executive Office of the President. This office would combine existing entities and also work with the National Security Council in managing the many aspects of securing our national networks while protecting privacy and civil liberties.

Government must recast its relationship with the private sector as well as redesign the public-private partnership to promote better cybersecurity.

The Bush administration took a major step toward improving federal cybersecurity with its Comprehensive National Cybersecurity Initiative.

…we face a long-term challenge in cyberspace from foreign intelligence agencies and militaries, criminals, and others, and that losing this struggle will wreak serious damage on the economic health and national security of the United States.

Summary of Recommendations

The president should appoint an assistant for cyberspace and establish a Cybersecurity Directorate in the NSC that absorbs existing Homeland Security Council (HSC) functions.

…recommend the president direct the creation of three new groups [with the private sector] that provides the basis for both trust and action:

  • A presidential advisory committee organized under the Federal Advisory Committee Act (FACA), with senior representatives from the key cyber infrastructures. This new body would incorporate the National Security and Telecommunications Advisory Committee (NSTAC) and National Infrastructure Advisory Council (NIAC);

The government could reinforce regulation by making the development of secure control systems an element of any economic stimulus package that invested in infrastructure improvements.

The president should task the National Security Agency (NSA) and NIST, working with international partners, to reform the National Information Assurance Partnership (NIAP).

The president should direct the NOC and appropriate agencies, using the federated regulatory model outlined in chapter 4 and consulting with industry and the privacy and civil liberties community, to implement critical infrastructure authentication.

The Federal Trade Commission (FTC) should implement regulations that protect consumers by preventing businesses and other services from requiring strong government-issued or commercially issued credentials for all online activities by requiring businesses to adopt a risk-based approach to credentialing.

The president should work with Congress to rewrite the Federal Information Security Management Act (FISMA) to use performance-based measurements of security.

The NOC, working with OMB, NIST, and NSA, should develop risk-based standards covering all federal IT systems.

Introduction: The Hidden Battle

America’s failure to protect cyberspace is one of the most urgent national security problems facing the new administration…

The immediate risk lies with the economy.

Weak cybersecurity dilutes our investment in innovation while subsidizing the research and development efforts of foreign competitors.

Fleets, armies, and military alliances will not be as important in this competition as the ability for a nation to accelerate its technological progress and economic growth, to create new ideas and products, and to protect its informational advantages. Gaining asymmetric advantage over an opponent will be more important than amassing ponderous conventional forces.

In 1998, a presidential commission reported that protecting cyberspace would become crucial for national security. In effect, this advice was not so much ignored as misinterpreted—we expected damage from cyber attacks to be physical (opened floodgates, crashing airplanes) when it was actually informational.

Senior representatives from the intelligence community told us that they had conclusive evidence, covertly obtained from foreign sources, the U.S. companies have lost billions in intellectual property. See “Threats Posed by the Internet,” from the first phase of our work; it is on the CSIS Web site at http://www.csis.org/media/csis/pubs/081028_threats_working_group.pdf.

Porous information systems have allowed our cyberspace opponents to remotely access and download critical military technologies and valuable intellectual property—designs, blueprints, and business processes—that cost billions of dollars to create.

Scrambling data and information can also provide real military benefit: the United States uses blue-force tracking that tells commanders where friendly forces are located; imagine if an opponent could randomly turn some of the blue signals to red or make some of the red-force tracking disappear.

Our goal has been to find both immediate and long-term steps that a new administration can take to increase costs and risks for cyber attackers and reduce the benefits they gain.

Our government is still organized for the industrial age, for assembly lines and mass production. It is a giant, hierarchical conglomerate where the cost of obtaining information and making decisions is high when this requires moving across organizational boundaries. There is a more efficient way to govern. We found new models in the experience of the private sector, where networks and technology have allowed companies to test new ways for their employees and partners to work together. The use of information sharing and collaboration raises productivity, lowers costs, and improves performance.

A strategic approach to security requires reorganization. Our principal recommendations for security do not call for a supercop but for a strategist who, under the direction of the president, can plan and implement the move to a secure, information-age national government.

…the Bush administration announced a new and important cyber initiative. Although much of the initiative was highly classified, we have amended our work when necessary to take the initiative into account.

Let us be clear on the Bush administration’s Comprehensive National Cybersecurity Initiative (CNCI): It is good but not sufficient. The next administration should not start over; it should adopt the initial efforts of the initiative, but it should not consider it adequate. The CNCI has its focus on defending government–.gov, in other words—and approach that skilled opponents will be able to outflank. In key areas for cybersecurity—strategy, broad military doctrine, critical infrastructures, regulation, identity—there is no corresponding effort in the CNCI. Despite the CNCI, we were encouraged by efforts of senior officials at the Departments of Defense and Homeland Security and at the Office of the Director of National Intelligence to develop recommendations for a coordinated, strategic approach by the U.S. government to the problem. This is the central focus of our work.

We began with one central finding: The United States must treat cybersecurity as one of the most important national security challenges it faces. Cybersecurity can no longer be relegated to information technology offices and chief information officers. Nor is it primarily a problem for homeland security and counterterrorism. And it is completely inadequate to defer national security to the private sector and the market. This is a strategic issue on par with weapons of mass destruction and global jihad, where the federal government bears primary responsibility.

————————————————————————————————————————-

Coming soon…

The Highlighter: Securing Cyberspace for the 44th Presidency – Part II

Sections 1 Create a Comprehensive National Security Strategy for Cyberspace

————————————————————————————————————————-

Read the full CSIS report
About The Highlighter

Advertisements

Filed under: Analysis, cyber security, Doctrine, Policy, Politics, Strategy, The Highlighter, , , , , , , , , , , , , , , , , , ,

2 Responses

  1. […] the full CSIS report About The Highlighter The Highlighter: Securing Cyberspace for the 44th Presidency – Part I The Highlighter: Security Cyberspace for the 44th Presidency – Part II The Highlighter: Securing […]

    Like

  2. When someone writes an paragraph he/she keeps the thought of a user in his/her brain that how a user can know
    it. Therefore that’s why this post is perfect. Thanks!

    Like

Join the Discussion

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Reader Survey


ADVERTISEMENT

In May 2013, Glenn Greenwald set out for Hong Kong to meet an anonymous source who claimed to have astonishing evidence of pervasive government spying and insisted on communicating only through heavily encrypted channels. That source turned out to be the twenty-nine-year-old NSA contractor Edward Snowden, and his revelations about the agency's widespread, systemic overreach proved to be some of the most explosive and consequential news in recent history, triggering a fierce debate over national security and information privacy... [MORE]


ADVERTISEMENT

In Cybersecurity and CyberWar: What Everyone Needs to Know®, New York Times best-selling author P. W. Singer and noted cyber expert Allan Friedman team up to provide the kind of easy-to-read, yet deeply informative resource book that has been missing on this crucial issue of 21st century life. Written in a lively, accessible style, filled with engaging stories and illustrative anecdotes, the book is structured around the key question areas of cyberspace and its security: how it all works, why it all matters, and what can we do... [MORE]


ADVERTISEMENT

Dispatched by M to investigate the mysterious disappearance of MI6’s Jamaica station chief, Bond was expecting a holiday in the sun. But when he discovers a deadly centipede placed in his hotel room, the vacation is over.

On this island, all suspicious activity leads inexorably to Dr. Julius No, a reclusive megalomaniac with steel pincers for hands. To find out what the good doctor is hiding, 007 must enlist the aid of local fisherman Quarrel and alluring beachcomber Honeychile Rider. Together they will combat a local legend the natives call “the Dragon,” before Bond alone must face the most punishing test of all: an obstacle course—designed by the sadistic Dr. No himself—that measures the limits of the human body’s capacity for agony.

The text in this edition has been restored by the Fleming family company Ian Fleming Publications, to reflect the work as it was originally published... [MORE]



 
The Art of Attention

© 2016 PROSOCHĒ. All Rights Reserved.
Fair Use Policy ҩ Terms of Service ҩ Privacy Policy ҩ Contact

Cyber Threat Assessment

 


ADVERTISEMENT

In this New York Times bestselling investigation, Ted Koppel reveals that a major cyberattack on America’s power grid is not only possible but likely, that it would be devastating, and that the United States is shockingly unprepared... [MORE]


ADVERTISEMENT

As cyber-attacks dominate front-page news, as hackers join terrorists on the list of global threats, and as top generals warn of a coming cyber war, few books are more timely and enlightening than Dark Territory: The Secret History of Cyber War, by Slate columnist and Pulitzer Prize–winning journalist Fred Kaplan... [MORE]


ADVERTISEMENT

ADVERTISEMENT

Support CSWW

Please help improve CSWW by providing us with your comments, concerns, and questions at our FEEDBACK page.

Editor, CSWW

Kurt Brindley is a retired U.S. Navy Senior Chief who specialized in the fields of tele-communications and C4SRI systems Upon retirement from the navy, he spent nearly a decade as a defense industry consultant. He now writes full time... [MORE]


ADVERTISEMENT

Now in development for film by 20th Century Fox, award-winning CyberStorm depicts, in realistic and sometimes terrifying detail, what a full scale cyber attack against present-day New York City might look like from the perspective of one family trying to survive it... [MORE]