Cyber Strategies for a World at War

OPEN SOURCE AGGREGATION & ANALYSIS

The Highlighter: Securing Cyberspace for the 44th Presidency – Part III

A Report of the CSIS Commission on Cybersecurity for the 44th Presidency

Part III includes highlights of:

  • Section 2 – Organizing for Cybersecurity

————————————————————————————————–
CSWW is not affiliated with CSIS or the commission that produced this report. The use of “we,” “our,” “us,” etc., throughout the highlights of this report refers to the members of the CSIS Commission and not to CSWW.
————————————————————————————————–

The Highlights:

2
Organizing for Cybersecurity

Recommendations

The president should appoint an assistant for cyberspace and establish a Cybersecurity Directorate in the NSC that absorbs existing Homeland Security Council (HSC) functions.

A new National Office for Cyberspace (NOC) would support the work of the assistant for cyberspace and the new directorate in the NSC. The president can create this office by merging the existing National Cyber Security Center (NCSC) and the Joint Inter-Agency Cyber Task Force (JIACTF). The assistant to the president for cyberspace would direct the NOC.

The central problems in the current federal organization for cybersecurity are lack of a strategic focus, overlapping missions, poor coordination and collaboration, and diffuse responsibility.

The Commission considered many options for how best to organize for cybersecurity. We grew to understand the importance of bridging across the federal agencies in order to leverage the knowledge to provide the best security for our nation.

We also recognize the importance of involving the private sector—the federal government cannot do this alone.

Our thinking on organization tracks with our finding that cybersecurity is now a central problem for national security. Our recommendation is to create a new “enterprise” governance model for cyberspace using the NSC, a collaborative network among the key agencies, and a new cyberspace office in the EOP.

We based our recommendations in part on the intelligence community’s experience in implementing the Intelligence Reform and Terrorist Prevention Act (IRTPA). IRTPA imposed a new, more collaborative structure on the intelligence community. It mandated a distributed “intelligence enterprise.” Congressional mandates, however, are not enough. It took a director of national intelligence (DNI) with the appropriate authorities to build collaboration.

What about the Department of Homeland Security?

One of the first tasks for the new administration will be to strengthen DHS.

DHS is not the agency to lead in a conflict with foreign intelligence agencies or militaries or even well-organized international cyber criminals.

Cybersecurity is no longer (if it ever was) a domestic issue. It is an issue of international security in which the primary actors are the intelligence and military forces of other nations.

Although the department’s performance has improved in recent years, our view is that any improvement to the nation’s cybersecurity must go outside of DHS to be effective. For that reason, we recommend that the White House, rather than any single agency, lead the new strategic and coordination functions required for cybersecurity.

A New Executive Branch Structure

We considered many alternatives for the best management of a comprehensive cybersecurity effort. The intelligence community has the necessary capabilities, but giving it a lead role poses serious constitutional problems, given the domestic interactions a comprehensive approach would require. DoD is well suited to manage a national mission, but giving it the lead could suggest a militarization of cyberspace. We also looked at the Federal Bureau of Investigation (FBI), the General Services Administration, or the creation of a small, stand-alone agency, and we decided that each of these alternatives had drawbacks. We concluded that only the White House has the necessary authority and oversight for cybersecurity. Our recommendation is to reorganize the federal effort at securing cyberspace. Our new structure has four elements:

  • An assistant to the president for cyberspace, who directs and is supported by a new office in the EOP—the National Office of Cyberspace.
  • A merger of the NSC and the HSC to create a new directorate that (in addition to the NSC’s current offensive cyber responsibilities) provides coordination with other agencies around national cyberspace policy and strategies.
  • Three new private-sector advisory bodies to replace existing groups.

The NSC is the organization best able to coordinate a national security strategy and the international, military, diplomatic, intelligence, and law enforcement activities it entails. We do not recommend locating the new position in the HSC. In fact, we recommend that the next administration merge the HSC into the NSC. The split between “homeland” and “foreign” makes no sense for cybersecurity and in a globalized world makes little sense for U.S. security in general.

National Office for Cyberspace

Only the NSC can ensure the integration of cyberspace into the larger national security strategy. The NSC, however, cannot assume the programmatic and management functions required for comprehensive cybersecurity….

…we recommend that the president establish a National Office for Cyberspace in the EOP. This office would be responsible for some of the functions currently performed in other agencies, including DHS, and, once operational, the NOC would relieve some of the pressure on the NSC and OMB. As an interim measure, the president could create an Office of Cyberspace via executive order, while working with the Congress to authorize and fund a permanent entity. The assistant to the president for cyberspace would direct the NOC. Its functions would be to:

  • Provide strategic direction and coordination on cyber defense and offense;
  • Monitor and assess federal agency priorities, programs, policies, and budgets for cybersecurity;
  • Develop new measures as necessary to improve the security and reliability of critical information infrastructure…
  • Provide a focal point for the private sector to coordinate on cybersecurity;
  • Ensure all programs are consistent with U.S. law and respect privacy and civil liberties.

We were attracted to a division of labor between the NSC and a new managerial office in the EOP. The NSC would develop strategy and ensure coordination among DoD, DoS, the intelligence community, and other relevant agencies; this is the traditional NSC role. But the NSC should not be operational. Instead, the new office would manage the implementation of the strategy and provide oversight and direction, particularly for the many cyberspace-related programs that cut across traditional agency responsibilities. Both the directorate and the NOC would report to the assistant to the president for cyberspace.

The core of the NSC would come from the interagency staff currently providing coordination and monitoring functions for the CNCI.

The NOC should also absorb the National Cyber Security Center (NCSC)—its staff, funding, and mission.

The NOC would be responsible for overseeing the implementation of national cyber strategies in support of the administration’s cyber policies, including securing critical infrastructures. The NOC would lead policy and coordination for legislative requirements, in particular FISMA and the Clinger-Cohen Act.

The NOC would work with OMB to evaluate cyber-related funding and programs across the federal departments and agencies. Specifically, the NOC would recommend new and redirected cyber program elements and activities used across domestic budget programs, the National Intelligence Program, the Military Intelligence Program, Information Systems Security Program, and other cyber-related programs.

The NOC would be responsible for leading the development and overseeing the implementation of a national cyberspace strategy, including securing critical cyber infrastructures.

One of the most important functions of the NOC would be to create and manage a collaborative network for cybersecurity. This network must reach across government agencies and connect those with expertise and responsibility for cybersecurity.

The NOC would map expertise across the government and establish the collaborative tools (wikis and social networks, for instance) that will enable a new horizontal approach to addressing cyber problems.

Executives at a number of companies (and at DoD) told us that using Web 2.0 social networking tools increased risk, but the corresponding increase in productivity justified the exchange. Executives told us that their companies have incorporated blogs, wikis, and access to social networking sites deeply into their business operations, using a new business model that profitably let customers and partners participate on company networks. These executives also told us that if companies tried to restrict access, their most innovative and productive employees would leave for companies without similar restrictions.

The NOC must draw on private-sector experience to find new ways to ensure that government efforts are coordinated far more effectively than is done today.

Toward an Information-Age Government

Building a collaborative network could be a first step toward a new kind of government. Our industrial-age organization makes a cyber-dependent government vulnerable and inefficient. A collection of hierarchical “stovepipes” is easier to attack and harder to defend because security programs are not of equal strength (the weakest link compromises all) and stovepiped defenders cannot appreciate the scope of, and respond well to, a multiagency attack.

We believe that the administration’s response to the cybersecurity challenge provides an opportunity to test new approaches to federal organization that use cyberspace and social networking technologies to improve government performance.

The NOC can provide a test bed for the next president to experiment with how best to organize CIO functions in the federal government.

Congressional Oversight

We decided against making any recommendations on jurisdiction…

Although we believe that it is important to streamline congressional jurisdiction over cybersecurity and homeland security, we also recognize that such a responsibility lies not with the next president, but with the Speaker of the House and the majority leader of the Senate.

We believe that the next administration will achieve more lasting success by presenting a comprehensive package of cybersecurity improvements to the various committees; pragmatically, it is better that the next administration spend its time on achieving those goals rather than taking on jurisdictional battles in Congress.

© 2016 PROSOCHĒ. All Rights Reserved.
Editor, CSWW

Kurt Brindley is a retired U.S. Navy Senior Chief who specialized in the fields of tele-communications and C4ISR systems. Upon retirement from the navy, he spent nearly a decade as a defense industry consultant. He now writes full time.

