Cyber Strategies for a World at War

OPEN SOURCE AGGREGATION & ANALYSIS

The Highlighter: Securing Cyberspace for the 44th Presidency – Part II

A Report of the CSIS Commission on Cybersecurity for the 44th Presidency

Part II includes highlights of:

  • Section 1 – Create a Comprehensive National Security Strategy for Cyberspace

————————————————————————————————–
CSWW is not affiliated with CSIS or the commission that produced this report. The use of “we,” “our,” “us,” etc., throughout the highlights of this report refers to the members of the CSIS Commission and not to CSWW.
————————————————————————————————–

The Highlights:

1
Create a Comprehensive National Security Strategy for Cyberspace

The president should state as a fundamental principle that cyberspace is a vital asset for the nation and that the United States will protect it using all instruments of national power, in order to ensure national security, public safety, economic prosperity, and the delivery of critical services to the American public.

Our influence as a nation is at its lowest point in decades.

Years of underinvestment have weakened both government and our scientific establishment (and, in the case of government, scorn from those who sought to shrink it). The reputation of the United States has been badly tarnished, and our failure to defend cyberspace, despite huge informational losses, has encouraged our opponents to increase their attacks.

Strategies articulate goals and identify the means to achieve them. The United States has clear goals—to defend itself and its allies from threats and intimidation, increase openness to trade and to ideas, and expand the rule of law and democracy.

…we recommend a clear articulation of the importance of cyberspace of the nation.

To some extent expressing principles for cyberspace is more difficult than expressing a military doctrine designed to protect our physical territory.

Cyber attack joins terrorism and weapons of mass destruction (WMD) as one of the new, asymmetric threats that put the United States and its allies at risk.

A comprehensive cybersecurity strategy must engage all elements of U. S. power—economic, diplomatic, and law enforcement as well as military and intelligence.

As with the larger national security strategy, we identify four principal instruments—international engagement, military and defense actions, economic tools, and the coherent use of intelligence and law enforcement capabilities—to achieve this.

One model for the new approach, which we recommend for the next president, can be found in the U. S. experience with nonproliferation and WMD.

International Engagement and Diplomacy

The international aspects of cybersecurity have been among the least developed elements of U. S. cybersecurity policy.

We recommend that the United States advocate measures to secure cyberspace in every multilateral initiative where it is appropriate, just as we have advocated measures to advance nonproliferation or to combat terrorism.

The U. S. willingness to cooperate with other governments on cybersecurity matters will be an important component of U. S. advocacy. That cooperation should focus on establishing norms, which are expectations or models for behavior.

Today, norms for cybersecurity are weakly articulated and enlisting a group of like-minded nations to develop and propagate such norms would improve security.

Norms can be reinforced by sanctions. The international component of U. S. cybersecurity strategy should include the development of sanctions for those countries that harbor cyber criminals or engage in cyber attacks.

Some object that it is not in the U. S. interest to promote norms as this could hamper our own ability to operate, while other nations that have repeatedly demonstrated a willingness to ignore norms would not be constrained.

…the United States should expand its work with allies (NATO, and more closely with the United Kingdom, Australia, and other close partners) on collective defense.

Collective defense in cyberspace provides some increase to deterrent capabilities—for example, knowing that an intrusion or attack on one nation will trigger responses from its allies or partners may lead attackers to reconsider and can increase the resources available for response.

…the United States should encourage nations to pass adequate laws and build operational and technical expertise.

The United States is already a party to the most important of these efforts, the Council of Europe Convention on Cybercrime.

Encouraging other countries to qualify for membership should be a diplomatic priority….

A cyber regime, modeled on the Missile Technology Control Regime or the G-8’s Financial Action Task Force (FATF), would bring together like-minded nations to develop international norms, common policies, and responses and to share sensitive national information on cybersecurity.

It is ironic that some of the countries that most vigorously advocate a UN treaty are known sanctuaries for cyber crime and are themselves suspected of launching cyber attacks.

Military Doctrine and Deterrence

Much of the discussion regarding the military aspects of cybersecurity is necessarily classified, thus limiting what our Commission can say on subjects such as offensive information warfare capabilities.

Although offensive cyber capabilities are not the only deterrent, possessing an offensive capability has a deterrent effect and the absence of an offensive capability makes deterrence a hollow threat.

We start with the recognition that DoD has made extensive progress in preparing for conflict in cyberspace. It is the best-prepared agency (along with components of the U. S. intelligence community) when it comes to cyber capability, including the development of a classified military doctrine for cyber warfare.

Doctrine must be linked to the larger national strategy, and the United States must find ways to communicate both national policy and military doctrine to potential opponents.

Military doctrine for cyberspace is dependent on the larger cyber strategy. A comprehensive national strategy will allow the United States to go beyond military operations, specify relationships among agencies, and lay out the decision making processes.

Military doctrine will need to provide guidance on the exercise of the various and overlapping legal authorities that apply to cyberspace, identifying when the use of law enforcement, military, or intelligence authorities is appropriate.

Military doctrine also needs to establish thresholds for response. When does an incident (or potential incident) in cyberspace justify either a preemptive action or retaliation?

Establishing thresholds for escalation is closely linked to deterrence—thresholds allow an attacker to better calculate the potential cost of an action.

Current efforts are ongoing to develop doctrine for deterrence, but they face significant impediments.

Deterrence in cyberspace is particularly complicated because of the problems with attribution and identification.

In light of the difficulties in attributing an attack, we may need to rethink how deterrence works in cyberspace. Instead of focusing only on counteractions, we may improve deterrence if we act and invest in order to ensure resiliency and continuity of service.

Deterrence is also hampered by the lack of a public strategy and military doctrine. The deterrent effect of an unknown doctrine is quite limited.

Given the newness of cyber warfare, we should not be surprised that there is no lexicon for strategic conflict in cyberspace, nor clear rules of engagement, nor a menu of responses, nor the means to signal intentions to potential opponents.

Symmetry is a related problem.

Some nations are far less dependent than the United States on the Internet and other networks. A few nations, such as China, have developed Internet architectures that provide a degree of insulation from cyber attack. Finally, nonstate attackers face none of the constraints that operate on a nation-state.

The next administration needs to establish a comprehensive national cyber strategy that provides a proactive approach to securing cyberspace and that guides military doctrine and other national policies. The goal should be an evolving public document that lays out the framework for action.

A final point on military doctrine and deterrence is that there must be a public awareness. One dilemma with the Comprehensive National Cybersecurity Initiative (CNCI), which was established in January 2008, was that it was highly classified and thus could not be easily shared with the public, industry, or even close allies.

A credible military posture will require adequate resources for training and equipping forces in cyberspace.

A lack of a defined career path also hampers cyber-warfare efforts.

Developing a career path and training programs to create a dedicated cadre is an essential next step….

Economic Policy

Our recommendation is that the United States not underestimate the potential of these economic tools, for much economic power rests on the strength of U. S. industry in the global IT market.

…commitments to improve cybersecurity and to work against cyber crime should become a routine part of our international negotiations.

Standards and standard-setting processes have become particularly important for shaping cyberspace.

U. S. policies and actions on international Internet governance can also increase cybersecurity.

The U. S. goal must be to promote a cyberspace that is open and that provides global links.

…an economic strategy for cyberspace must include working to increase trust in the IT supply chain.

We cannot go back to a national supply chain, but for a few critical functions the United States will need to ensure that it retains sufficient manufacturing capabilities to supply trusted components and software.

Intelligence and Law Enforcement

The intelligence community has been a leader in the efforts to improve cybersecurity.

The intelligence community, given its unique authorities, is best suited to develop and deploy an early warning system for cyberspace, to detect and identify hostile foreign actions. Part of this early warning should include efforts to improve attribution, for without concrete attribution, deterrence is more difficult to achieve and sanctions impossible to implement.

The primary dilemma for intelligence entities is deciding when it is appropriate to use covert actions undertaken by the intelligence community to prevent or respond to a cyber attack and when to use the offensive capabilities developed by the military for cyber warfare.

The president should ensure that both the military and the intelligence community expand their offensive capabilities under an appropriate framework for the authorization of covert action. A presidential directive could provide the framework for covert action in cyberspace that clarifies when military commanders are authorized to respond and when, as required by law, covert action is authorized by a formal presidential finding.

But the United States must first diagnose and attribute the attack on penetration before making those decisions, and sometimes it may be necessary to employ several responses at once.

…nothing upends an attack quite so decisively as arresting the person who is committing it; nor could technical experts hope for a better diagnostic and network repair tool than data seized by law enforcement on the attacker’s own computer. The criminal hacker community pays attention when other computer criminals are caught and punished.

Improvements in the legal regime for government (and multination) access to data in cyberspace will help improve collaboration with foreign partners.

The United States is already a party to the most important of these efforts, such as the Council of Europe Convention on Cybercrime and the G-8 Subgroup on High-Tech Crime.

One essential function for the U. S. Department of Justice is to ensure adequate protections for privacy and civil liberties in any cyber initiative. Acceptance of a more robust program will depend in some measure on the ability of the government to assure the public that its rights are being safeguarded.

Establishing a fundamental national goal for cyberspace and creating a comprehensive national strategy to achieve it will vastly improve our performance in cybersecurity. This strategy must be complemented, however, by organizational changes that reinforce a comprehensive approach

————————————————————————————————————————-

Coming soon…

The Highlighter: Securing Cyberspace for the 44th Presidency – Part III

Section 2 Organizing Cybersecurity

————————————————————————————————————————-

Read the full CSIS report
About The Highlighter
The Highlighter: Securing Cyberspace for the 44th Presidency – Part I

Advertisements

Filed under: The Highlighter, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

15 Responses

  1. 迷你倉 says:

    Hope that the USA will be “open to trade” during & after the financial crisis.
    Tony
    荔枝角卓越迷你倉
    香港仔時昌迷你倉

    Like

  2. […] report About The Highlighter The Highlighter: Securing Cyberspace for the 44th Presidency – Part I The Highlighter: Security Cyberspace for the 44th Presidency – Part II The Highlighter: Securing Cyberspace for the 44th Presidency – Part III The Highlighter: Securing […]

    Like

  3. 迷你倉 says:

    Thanks for the information.

    By 迷你倉

    Like

  4. welcome vist to this ie

    Like

  5. 文件柜 says:

    please say to this

    Like

  6. come to this ie vist to page

    Like

  7. chinawholesaletown says:

    to this page

    Like

Join the Discussion

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Reader Survey


ADVERTISEMENT

In May 2013, Glenn Greenwald set out for Hong Kong to meet an anonymous source who claimed to have astonishing evidence of pervasive government spying and insisted on communicating only through heavily encrypted channels. That source turned out to be the twenty-nine-year-old NSA contractor Edward Snowden, and his revelations about the agency's widespread, systemic overreach proved to be some of the most explosive and consequential news in recent history, triggering a fierce debate over national security and information privacy... [MORE]


ADVERTISEMENT

In Cybersecurity and CyberWar: What Everyone Needs to Know®, New York Times best-selling author P. W. Singer and noted cyber expert Allan Friedman team up to provide the kind of easy-to-read, yet deeply informative resource book that has been missing on this crucial issue of 21st century life. Written in a lively, accessible style, filled with engaging stories and illustrative anecdotes, the book is structured around the key question areas of cyberspace and its security: how it all works, why it all matters, and what can we do... [MORE]


ADVERTISEMENT

Dispatched by M to investigate the mysterious disappearance of MI6’s Jamaica station chief, Bond was expecting a holiday in the sun. But when he discovers a deadly centipede placed in his hotel room, the vacation is over.

On this island, all suspicious activity leads inexorably to Dr. Julius No, a reclusive megalomaniac with steel pincers for hands. To find out what the good doctor is hiding, 007 must enlist the aid of local fisherman Quarrel and alluring beachcomber Honeychile Rider. Together they will combat a local legend the natives call “the Dragon,” before Bond alone must face the most punishing test of all: an obstacle course—designed by the sadistic Dr. No himself—that measures the limits of the human body’s capacity for agony.

The text in this edition has been restored by the Fleming family company Ian Fleming Publications, to reflect the work as it was originally published... [MORE]



 
The Art of Attention

© 2016 PROSOCHĒ. All Rights Reserved.
Fair Use Policy ҩ Terms of Service ҩ Privacy Policy ҩ Contact

Cyber Threat Assessment

 


ADVERTISEMENT

In this New York Times bestselling investigation, Ted Koppel reveals that a major cyberattack on America’s power grid is not only possible but likely, that it would be devastating, and that the United States is shockingly unprepared... [MORE]


ADVERTISEMENT

As cyber-attacks dominate front-page news, as hackers join terrorists on the list of global threats, and as top generals warn of a coming cyber war, few books are more timely and enlightening than Dark Territory: The Secret History of Cyber War, by Slate columnist and Pulitzer Prize–winning journalist Fred Kaplan... [MORE]


ADVERTISEMENT

ADVERTISEMENT

Support CSWW

Please help improve CSWW by providing us with your comments, concerns, and questions at our FEEDBACK page.

Editor, CSWW

Kurt Brindley is a retired U.S. Navy Senior Chief who specialized in the fields of tele-communications and C4SRI systems Upon retirement from the navy, he spent nearly a decade as a defense industry consultant. He now writes full time... [MORE]


ADVERTISEMENT

Now in development for film by 20th Century Fox, award-winning CyberStorm depicts, in realistic and sometimes terrifying detail, what a full scale cyber attack against present-day New York City might look like from the perspective of one family trying to survive it... [MORE]