How to Save Cyberspace
Image Credit: Flickr / Tom Thai

How to Save Cyberspace

0 Likes
4 comments

The extensive press coverage regarding alleged Chinese involvement in cyber espionage, as well as Beijing’s high-profile Internet censorship efforts, have underscored a worrying reality for U.S. officials – U.S. cyberspace policies are still at an embryonic stage. Worse – this comes as the U.S. is faced with a dire threat to its own security.

A highly publicized report to Congress by the U.S.-China Economic and Security Review Commission earlier this month observed that China’s “professional state sponsored intelligence collection not only targets a nation’s sensitive national security and policymaking information, it increasingly is being used to collect economic and competitive data to aid foreign businesses competing for market share with their U.S. peers.”

The report also noted that China is aware of gaps in U.S. cyber strategies, and may be exploiting gray areas in “U.S. policymaking and legal frameworks to create delays in U.S. command decision making.” Yet despite the magnitude of the challenge at hand being clear, the next president – whether it’s Barack Obama or Republican frontrunner Mitt Romney who wins the White House in November – will be faced with a frustrating but necessary challenge in tackling U.S.-Chinese cybersecurity engagement.

The Problem

After the White House published Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure in June 2009, several initiatives were launched or announced by elements of the U.S. defense community.In 2010, declassification of the Comprehensive National Cybersecurity Initiative (CNCI), enabled the timely development of a framework for international partnerships consistent with a common cybersecurity policy. In 2011, the White House released the U.S. International Strategy for Cyberspace. Subtitled, Prosperity, Security, and Openness in a Networked World,the document falls short of providing the solutions necessary to live up to its name. The simple fact is, without security there can be no prosperity or openness. This is where the new strategy is woefully inadequate – it lacks security strategies informed by technology rather than private sector lobbyists.

The sole purpose of cyberspace is to create effects in the real world. The United States’ high-tech sector leads the world in the innovation and development of computers, software and Internet services. These technologies are the backbone of the global information society. U.S. companies provide technologies that allow more and better digital information to flow across borders, thereby enhancing socioeconomic and human development worldwide. When markets and Internet connections are open, U.S. IT companies shape the world and prosper.

But leveraging the benefits of the Internet can’t occur if confidence in networked digital information and communications technologies is lacking. In cyberspace, security is the cornerstone of openness and prosperity. Cyber policies and strategies must therefore focus on promoting trust, network security, authentication, privacy and consumer protection.

In addition to benefits of free flowing communications, utility companies and industry rely on cyberspace to control critical systems. Electricity, water treatment, public health and financial services are at risk from operating specialized industrial control and embedded systems without appropriate security controls.

Today’s White House strategy prevents the federal government and the U.S. military from utilizing its expertise to protect private sector networks over which critical services flow – those that are often responsible for our prosperity.

To date, there hasn’t been a cyber event that has caused the destruction of critical infrastructure, but it would be poor strategy to do so right now anyway. Why? Because once such an attack is launched, defenders will learn from it, fixing weaknesses and preventing the same attack in the future. Thus, an American adversary is wise to avoid such an attack until a broader conflict between the United States and an adversarial nation is imminent.

Comments
4
MattC
March 23, 2012 at 18:48

I have no doubt we will see a cyber attack at some point very soon. Im very cynical when I say I believe it will be created by The West in order to facilitate its pressing requirements. At the end of the day this sort of espionage by other states has been going on prolifically for years. Any large publicised attack will be sold to the public as something new and dangerous for whcih we need to hand more of our liberties away

MattC
March 23, 2012 at 18:45

Rise of the American “surveillance state” is forging ahead.

With all of these recommendations I see zero consideration of the negative aspects of such policy implications. This is highly concerning both in the US context and for the US relationship to states in the international context. A more balanced article would be appreciated to consider both sides of the argument.

Negative impacts include -

- Infringment on civil liberties in the name of national security

- Institution Oversight & Transparency – How is data secured? How do we know it’s not analysed. Who do these organisations answer to when that gets asked? For instance although the US is allowed to collect data on US citizens it specifically cannot mine and analyse it without Congress approval. This is where it gets tricky. This policy does not preclude its intelligence partners such as Canada the UK, Aus & NZ from analysing that data for them and vice versa.

- Encroaching on the Sovereignty of international states by US policy mandates by way of Rules, Regulation and Diplomacy.

Tha’ts just a short taste but the point is if you are going to write an article proposing new policies lets see the negative implications as well because there are many.

Vytautas
March 23, 2012 at 15:36

Excellent article. The Solution section is worthy of attention and implementation. Fully agree that the attribution debate needs to focus away from trying to find the individual and more on addressing malicious cyber activities originating or transiting through a nation’s cyberspace “jurisdiction”. Nations should not be blamed but informed as one good neighbor to another that there is a problem that needs to be addresed.

anon
March 22, 2012 at 05:08

Good article. Everything is on target except for the NSA under Cyber Comm idea. Not only will that not happen, but it should that not happen for many reasons.

Last year at BLACKHAT, CIA vet Cofer Black argued that the US won’t take the cyber war threat seriously until we fall victim to a major attack; “Men’s minds have difficulty adapting to things with which they have no experience.” Unfortunately, I’m starting to agree.

Share your thoughts

Your Name
required
Your Email
required, but not published
Your Comment
required

Newsletter
Sign up for our weekly newsletter
The Diplomat Brief