16 February 2014

U.S. Needs a Cyber Plan In Face of Threats From Hacking, Cyberterrorism and Espionage

Tim Sample
Defense News
February 13, 2014

Commentary: US Needs a Cyber Plan

Recently, during the annual hearing on the nation’s most significant security threats, James Clapper, director of national intelligence, testified before the Senate Select Committee on Intelligence that “[s]everal critical governmental, commercial and societal changes are converging that will threaten a safe and secure online environment.”

What is clear from that testimony and recent events is that the country is teetering on a precipice. Our need for national security to exceed technical advances, our interdependence on the Internet and the economic boon of big data cannot be unwound.

As a nation, we are grappling with the questions of how far is too far with surveillance and how do we define the right balance among protection of personal liberties, market participation, government oversight and protection of our freedoms.

The threats we face — economically and militarily — are nontraditional, asymmetrical and not necessarily obvious. The “what if” scenarios of science fiction, from taking down critical infrastructure to controlling mass media and creating widespread panic through disinformation, are imaginable and possible.

Engaging in a national-level debate about these issues is a critical step. We are leading in cyber innovation and technology, but capabilities worldwide are rapidly changing. To maintain global leadership, we must recognize that we are acting in a highly connected world; diplomatic, economic and national security considerations can no longer be defined solely by nation states and geographic boundaries.

Hacking, cyberterrorism and espionage do not respect borders and are never neatly wrapped up into well-defined packages. We may not always know exactly who means to do the US harm, but we could still find ourselves trying to triage a situation and secure our economic assets and protect our nation’s health. From a military standpoint, we have only minutes and seconds to take countermeasures. The same can be said of securing our economic and financial systems, but they are less structured to respond.

To move forward, President Barack Obama must convene experts from government, business, academia and also privacy proponents and direct them toward an outcome, a desired goal. That goal is clear: Define, establish and adopt a national-level doctrine for the cyber era, an overarching set of principles on the roles of American business and government in working toward national security goals.

Such a doctrine should articulate the expectations that each of us, as citizens, have in terms of our government and, yes, our freedoms. As important, such a doctrine would define the government’s expectations of its citizens to help protect our country in this cyber era, when any node on a network, including your personal computer, could be compromised by those who would do us harm.

The US has been without such guiding principles since the end of the Cold War brought our doctrine of “containment” to a close. This has led us to lurch from crisis to crisis. That cycle must end; continuing on this path will keep us distracted by the next headline, delay a comprehensive approach to protect our democratic rights and freedoms, and increase our economic and national security vulnerabilities.

Done correctly, implementation of a new national-level doctrine could bring the nation together in focus and action.

In 2012, I convened a panel of experts from private industry, academia, military intelligence and government to define the issues we face in the new world of cyberwarfare and changing definitions of both security and privacy. The approximately 30 members defined a framework for developing the doctrine. The major points agreed upon by these experts are:

■ The US views the Internet as a critical component of its national security and wishes to enforce a secure, peaceful cyberspace.

■ In doing so, the US will take the lead internationally in cooperation with, but not subject to, other nations’ desires.

■ The US government, in cooperation with the private sector and individuals, will work to pur­sue reasonable rules for safe use and development of cyberspace.

■ The US will use all offensive and defensive means to protect its citizens and interests in cyberspace.

■ The US government will work in cooperation with its academic and corporate actors and citizens to establish a firm understanding of citizenship in the cyber age.

We urge the president to take a bold move and push this debate ahead to establish a doctrine that leads the US in the cyber era. ■

Tim Sample, former staff director of the US House Permanent Select Committee on Intelligence. He is vice president of Special Programs at Battelle and co-editor of “#CyberDoc: No Borders, No Boundaries – The Need for a National-Level Doctrine for the Cyber Era.”

No comments: