27 January 2020

Uniting the Cyber Domain Stakeholders

Jessica Ojala
Introduction

The Cyber Domain has become increasingly important in the 21st century. As technology and the capabilities that follow continue to grow, the need for extensive cyber capabilities has also grown. The United States adversaries continue to grow in the cyber realm, as Russia and China continue to develop into near-peer adversaries. As Russia and China continue to develop their cyber capabilities, the United States also needs to build on their current capabilities. The United States faces an organizational dilemma when it comes to the cyber domain, as the Department of Defense, Department of Homeland Security, Intelligence Community, and the private sector all are stakeholders in the domain and the security. Uniting the stakeholders under one security domain, specifically quantum encryption, would strengthen the United States cyber defense against their adversaries. 

Definitions Regarding Cyber

Cyber covers an association with the elements of cyberspace.[i] The cyber domain is electronic information or data processing domain comprising of one or several information technology infrastructures.[ii] Cyberspace are artifacts based on or dependent on computing and communications technology; the information that these artifacts use, store, handle, or process; and the interconnections among these elements.[iii] Cybersecurity is the defense of computers and servers, mobile devices, electronic systems, networks and data from malicious attacks.[iv]


National Cyber Strategy

There are two main strategic goals regarding cyber defense. The first is to Secure federal networks and information. In order to do this, there are five priority actions.[v] These are:
Further centralize management and oversight of federal civilian cybersecurity
Align risk management and information technology activities
Improve federal supply chain risk management
Strengthen federal contractor cyber-security
Ensure the government leads in best an innovative practice

The second is to secure critical infrastructure, which has eight priority actions[vi]:
Refine roles and responsibilities
Prioritized actions according to identified national risks
Leverage information and communications technology providers as cybersecurity enablers
Protect democracy
Incentivize cybersecurity investments
Prioritize national research and development investments
Improve transportation and maritime cybersecurity
Improve space cybersecurity

Critical infrastructure is defined as the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination.[vii] Both of these strategy priorities define the organizational piece of the cyber domain and the priority actions emphasize the need for the centralization and reorganization of the cyber stakeholders.

Organization

The United States has four major stakeholders in the cyber domain: The Department of Defense, the Department of Homeland Security, the Intelligence Community, and the private sector. Each of these stakeholders have different objectives, but in terms of cybersecurity, the main objective needs to be national security. The three government entities are full of complicated relationships with multiple moving parts within, and the private sector has a different set of operating rules, complicating the role of cybersecurity. The roles and responsibilities the stakeholders have in the cyber domain need to be better defined and united under the cyber realm. 

Department of Defense

The Pentagon has five missions uniting the Department of Defense cyber strategy. The five missions of the Pentagon in regard to cyber are[viii]:
Defending the Military’s own networks
Protecting the corporations that make the weapons and form the defense industrial base
Ensuring the integrity of the U.S. weapons once deployed
Guarding the private-sector infrastructure that the military needs to do its job
Ready to go on the offensive to degrade potential enemies’ militaries in part through cyber operations

The Department of Defense has also developed their own cyberspace objectives. These objectives include[ix]:
Ensuring the joint force can achieve its mission in a contested cyberspace environment
Strengthening the joint force by conducting cyberspace operations that enhance U.S. military advantages
Defending U.S. critical infrastructure from malicious cyber activity that alone, or as part of a campaign, could cause a significant cyber incident
Securing department information and systems against malicious cyber activity, including department information on non-department-owned networks.
Expanding department cyber cooperation with interagency, industry, and international partners.

In line with these objectives, the Department of Defense has developed joint cyber force. The Cyber Mission Force consists of the Cyber National Mission Force, the Cyber Protection Force, and the Cyber Combat Mission Force. [x] The Cyber National Mission Force consist of National Mission Teams, National Support Teams, and National cyberspace protection teams, directed by the Cyber National Mission Force Headquarters.[xi] The Cyber Protection Force consists of Department of Defense information network (DODIN), combatant command, and service cyberspace protection teams, directed by Joint Force Headquarters DODIN, Combatant Commands, and Service Cyberspace Component Commands respectfully.[xii] The Cyber Combat Mission Force consists of combat mission teams and combat support teams, directed by Joint Force Headquarters – Cyberspace.

Department of Homeland Security

The Department of Homeland Security consists of four main cyber actions. The first is the National Cybersecurity Protection System. The network security deployment division designs, develops, deploys, and sustains the system, which provides intrusion detection, advanced analytics, information sharing, and intrusion prevention capabilities.[xiii] The second is the Continuous Diagnostics and Mitigation. This method uses capabilities and tools that identify cybersecurity risks on an ongoing basis, prioritize these risks based upon potential impacts, and enable personnel to mitigate the most significant problems first.[xiv] The third is the National Cybersecurity and Communications Integration Center. The center reduces the risk of systemic cybersecurity and communications challenges in the role of cyber defense, incident response, and operational integration center.[xv] The fourth is the Federal Information Security Management Act Reporting.[xvi] The act enforces and requires federal agencies to strengthen information security programs, reporting progress annually to Congress.

Intelligence Community

The Intelligence Community is comprised of 17 agencies. These are the Central Intelligence Agency (CIA), Director of National Intelligence (DNI), Defense Intelligence Agency (DIA), National Security Agency (NSA), National Geospatial Intelligence Agency (NGA), National Reconnaissance Office (NRO), 4 service components of the DoD, Department of Energy, Department of Homeland Security, Coast Guard, Federal Bureau of Investigation (FBI), Drug Enforcement Agency (DEA), The State Department, and The Department of the Treasury.[xvii] These 17 agencies work together identifying and combating cyber threats to the United States. These include the Office of the Director of National Intelligence (ODNI): Heading a task force coordinating efforts to identify sources of future cyber-attacks. Department of Homeland Security (DHS): Lead for protecting government computer systems. Department of Defense (DoD): Devising strategies for potential counterattack of cyber attackers. National Security Agency (NSA): Monitor, detect, report and respond to cyber threats. Federal Bureau of Investigation (FBI): Lead national efforts to investigate and prosecute cybercrimes.[xviii] With each agency having different objectives and functions, they work together to comprise the intelligence community.

Private Sector

The private sectors role is cybersecurity falls on a spectrum of activities ranging from passive to aggressive, listed below.[xix]
Cyber hygiene/firewalls/scanning and monitoring
Passive intel gathering
Intrusion reporting
Honeypot/sandbox/tarpit decision
Patching 3rd party networks
Sink holing
Beacon/dye-packet
Server/botnet takedown/forward intel gathering
Hack back-recover assets
Temporary disruption of adversary networks
Extended disruption of adversary networks
Hack back-damage adversary assets

These four entities are organized in a way that allow for different objectives to drive each entity, even though they are all operating underneath the same cyber domain. In order to unify the organization of the United States stakeholders in the cyber domain, the capabilities and responsibilities of the cyber domain need to be defined.

What Cyber Does

Cyber has five core functions, which are: Identify, protect, detect, respond, and recover.[xx] Everything the United States can do in the cyber realm falls under these five functions, offensive and defensive. Cyber also has five common asset classes: Devices, apps, networks, data, and users.[xxi] A matrix created by Sounil Yu, filled with the functions across the top of the matrix and the common asset classes along the side.[xxii] Within this matrix, all cyber capabilities can fall into a box, with some overlapping. This matrix showed the need for better defensive capabilities, due to the amount of white space.

The Need for Better Defense

There are three reasons the United States needs better defensive cyber capabilities. The first is that new offensive technologies have taken to the field and they now have the advantage over the things that the United States has to defend against them. The United States has to invest in new technologies that will give the defense the advantage again.[xxiii] When it costs more to attack, or when the chances of an attack defeating the defenses is low, greater stability will prevail.[xxiv] The second reason is that the current tools the United States have are not efficient enough to fully protect all assets vulnerable to attack. Currently, every tool that requires sensing needs its own sensor and every tool that would take an action needs its own actuator.[xxv] When sense making, the current tools are making sense of only the data it collected from its own sensors.[xxvi] The third reason is the vulnerability of the power grid. There are three isolated electric power grids in the United States: East, West, and Texas, within them are subregions, such as the mid-Atlantic area.[xxvii] Leaving the power grid poorly protected allows the United States adversaries access to potentially shutdown at least a third of the country if the defensive capabilities don’t stop them from doing so. Complicating the encryption to prevent this access from happening would better secure the United States.

Solution

In order to better secure the United States cyber defenses, the United States must first take seven steps for stability.[xxviii]
Unity of command
Clarity of mission
Secure U.S. arsenal
Resource adequacy
System failure capabilities
Escalation dominance
Supporting diplomatic arrangements

The organizational dilemma falls under step one, whereas the better defense falls under step three. The solution to step three is quantum computing. Quantum computing is a type of technology based on the principles of quantum theory. In the simplest terms, there are two phenomenon that occur to the qubit. The qubit is not actually in one state, such as positive or negative, but is in all possible positions or values until it is acted upon by observation. The second phenom is entanglement, where two particles are said to be entangled. Change one particle, the other changes instantly, this occurs even when the two particles are significantly separated in distance.[xxix] With this knowledge, quantum computing could provide both impossible to break protection for data and the ability to crack all current form of encryption.[xxx] Quantum computers will be able to use cryptographic schemes that do not rely on mathematical assumptions.[xxxi] Rather, creation of quantum-resistant coding algorithms, systems of encryption that are more complex, some of which use entirely different approaches than long number factoring.[xxxii] These would prove to be significantly more secure than classical cryptography.[xxxiii] While the research is still being developed due to the need for a qubit alive long enough to be useful and creating software and hardware that will produce low error results,[xxxiv] this technique could prove to be beneficial to the United States cybersecurity. Uniting the cyber domain under the quantum computing network will strengthen the United States defensive capabilities. In addition to encryption over specific assets, the assets will be harder to access by all adversaries.

Risk Mitigation

In addition to the threat the adversaries possess, there are also two risks from within. The first risk is the diplomatic threat. This threat can be mitigated by explaining to oversight entities and the public the nature of threats in the cyberspace, the threatening conduct of our adversaries, the limitations of passive defense, and our scrupulous regard for civil liberties and privacy.[xxxv] The second risk is the high-demand, low density maneuver force, the prioritization of highly capable states, which means fewer resources and less attention to other cyber threats. To mitigate indirectly there needs to be increasing resiliency in DoD systems against all threats in order to render most malicious activity inconsequential and to mitigate directly by information sharing with law enforcement, homeland security, and the intelligence community.[xxxvi]

Conclusion

The United States faces the threat of near peer adversaries in all domains, including the newly coined fifth domain. With cyber being intertwined with the other domains and critical infrastructure to the United States way of life, the only option is to unify the cyber domain and strengthen the defensive capabilities the United States possesses.

No comments: