TABLE OF CONTENTS
OUR ECONOMY IS OUR NATIONAL SECURITY
WHO IS THE ENEMY?
REGULATION AND CIVIL LIBERTIES
CURRENT CYBER SECURITY MEASUREMENTS
THE ROLE OF THE U.S. MILITARY
THE SCOPE OF DETERRENCE
THE COLLABORATION BETWEEN THE PUBLIC AND THE PRIVATE SECTORS
THE UNITED STATES AND THE INTERNATIONAL COALITION
ASSESSMENT OF THE CURRENT SITUATION
THE ROLE OF THE WHITE HOUSE
THE PUBLIC PRIVATE PARTNERSHIP
IDS 803 - The Emerging Knowledge Society: Origins and Implications 13 May 2013
Cyber Security and Its Impact on the National Security of the United States
Security of cyberspace is considered one of the most serious challenges the United States is facing among its economic and national-security challenges of the twenty-first century. It is almost every day that our IT specialists discover new threats and attacks against the networks of our nation both in the public or private sectors. Those cyber-attacks represent major threats not only to the safety and wellbeing of the United States, but also to its allies. The continuous loss of information and the lack of proper cyber security have imposed unacceptable damage to the economy and the national security of the United States. In 2009, President Obama set directions to establish the Office of Cyber Security, which is responsible for coordinating the efforts of different government entities in the field of cyber defense. We believe that such an action is not enough, despite its importance.
The aim of this paper is to argue that the public-private partnership represents the ultimate solution to protect the national cyber security of the United States against frequent and violent cyber-attacks. The paper will elaborate the importance of the cyber security to the national security of the United States, then assesses the present solitary governmental defense measures, and highlights the loopholes and defects of the current unilateral administrative strategy that does not involve the private sector neither in the decision-making process, nor in the execution phase of the defense strategy. The paper will also highlight the roles of the White House, military and intelligence agencies, and subsequently connect them to the proposed public-private partnership and how this partnership is going to synergize their roles.
Consequently, this paper is concerned with the cyber defense strategy of the United States. For the past three decades, the United States has been struggling to formulate that strategy to counter the continuous cyber-attacks and threats, and to protect the national interest of our country. With the constant advance in technology every day, it’s pretty much debatable whether our defense techniques are enough and deterrent. Some may see the recommendations adopted throughout this paper argumentative. However, we all agree that cyberspace will never be fully secure. In the same time, there is much that can be done to acquire new strengths, increase the ability to adapt, and reduce the risk of those threats and attacks.
OUR ECONOMY IS OUR NATIONAL SECURITY.
The security and power of the United States tremendously depend on its economic strength. That is why the economy represents the immediate risk, because basically nowadays most of the business organizations are engaging with their each other virtually through the web. Companies use the web not only to engage with their customers, but also to manage their supply chains, provide services, and receive and arrange delivery orders. Furthermore, after the introduction of the new cloud system, in which all the business data can be stored online, the intellectual properties are now stored in digital forms, that can easily be accessed by the opponents anywhere around the globe.
In addition, cyber espionage attenuates our investment in research and development accomplishments, and literally subsidizes our foreign competitors’ innovation achievements. In an information age, in which possessing knowledge, economic power and technological leadership serve the national security to a country as much as the military power does; espionage simply saves our rivals’ effort, time and billions of dollars of investments. The United States arguably has greater to lose in such a war than any other state, and certainly more than any nonstate entity. (Krepinevich) Especially at this age, weak and easily infringed networks are such intolerable drawbacks; the United States cannot bear. In the new global competition, the military force even with its nuclear power will not be as important and essential as information. It is simply because information allows the country to possess a competitive advantage over others, to possess an ability to foster the economic growth, innovate and invent fresh ideas and products, and to protect its technological superiority.
Therefore, it is important to note that duty to the complexity of the security measurements of the classified governmental networks; the private sector clearly represents the primary target for those attacks. That is why any cyber defense strategy should involve the private sector as one of the top key players.
WHO IS THE ENEMY?
Since September 11,2011, the federal government of the United States has focused an unprecedented amount of attention, time and fiscal resources on the threat of weapons of mass destruction and terrorism (Condron). The government established Special Forces of counter terrorism, and provided the law enforcement agencies with all the required financial and technological resources. On the other hand, the government has not done much regarding cyber security, although it continued to represent itself as a clear example of the struggle of the United States in coping with the threats of the twenty-first century. Foreign rivals keep trying to access the poorly secured and most vulnerable networks of the United States in order to gather valuable information about every single aspect of our life, economically, socially and more importantly militarily. Their ongoing trials are usually characterized by perseverance, intelligence, persistence and sometimes luck. Although it is good to know that most secretive information of the U.S. military communications have been so far well protected, it is worth mentioning that in the same time other government data, new patents and intellectual properties from most leading American firms, as well as military technology remains continuously targeted for attacks from economic rivals, criminals and others.
The attacker could be an isolated individual, a member of some organized group, or a state actor (Condron). Nevertheless, the most virulent attacks have been arranged and organized by foreign intelligence agencies and potential military opponents.
That is why losing the battle to those opponents will unleash serious damage to the national security of the United States. Consequently, the government should not leave the measures of cyber security to be determined by the private sector alone. Without a proper collation between the government and different entities of the private sector, our leading companies will remain vulnerable to attacks from sophisticated and well trained hacking specialists managed by foreign intelligence is not considered a viable option.
REGULATION AND CIVIL LIBERTIES
In order to achieve acceptable levels of cyber security, government regulations should be formulated. However, many critics argue that any governmental regulation of cyber security can give a lot of power to the government to administer the Internet. And no doubt, their concerns are considered circumspect and reasonable; especially in case of dictator systems that would observe major obstacles because of being tough and adamant. Another concern is that the majority of government regulations is overbroad, extravagant in terms of cost and has questionable efficacy. Furthermore, in many fields, the freedom to innovate is crucial in order to help create more effective solutions. The problem about regulations is that it hinders the freedom of innovation, therefore, making it more difficult for those new fields to flourish.
As Chief Justice Rehnquist once pointed out: "[I]n any civilized society the most important task is achieving a proper balance between freedom and order. In wartime, reason and history both suggest that this balance shifts to some degree in favor of order — in favor of the government’s ability to deal with conditions that threaten the national wellbeing” (Rehnquist). Therefore, any regulation or decision taken by the government must respect civil liberties and privacy of citizens. Although balancing the regulation to protect the national security without touching the civil liberties is not an easy task, privacy and confidentiality are central values that any government cyber security initiative must respect and put into consideration (Liu, Stevens and Ruane). But before taking any action the government must make sure this action is transparent enough for the public to have a public debate about then to make sure there are no hidden acts that would affect their privacy as well as security. The action will be expected also to have acceptable degrees of resilience and flexibility that would allow the critical services to be smoothly provided.
Three decades ago, if you invited all those technology researches working within the field of Internet security; you would have been able to gather them all in one small club. At that time, confirmation of identity was not a questionable matter. However, once the commercial Internet service providers (ISPs) began to emerge in the early 1990s (Connelly 19), millions of unidentified or poorly identified users overloaded the Internet. Even so, once the government, public services, banks and airlines started to use the Internet to serve different customers around the world, the issue of anonymity became a double-edged weapon. Anonymity is important and sometimes crucial for Internet users who want to engage in political controversial discussions without getting harassed by repressive regimes. On the other hand, improper online identification and authentication cannot be tolerated when all the parties are engaging in some sort of business transactions. For example, as a bank customer, I would like to make sure that I have properly identified the website of my bank, before I type in my account number, password or any other personally identifiable information. Furthermore, I would expect that my bank is making sure not to accept any monetary transaction on my account without proper identification with the person doing them. Finally, the transaction should be done using a secure connection that would not allow my personal information to be captured by other parties. Therefore, the question is whether the government would leave the bank to manage the security of its webpages, or it should have some regulations for the financial institutions to follow. The bottom-line is that most of the federal banks are FDIC insured, so if a website of a particular bank got hacked, the government is obliged by law to protect the commodities of the public. As a result, leaving the cyber security of the private sectors, especially the financial institutions to their computer specialists, without proper monitoring from the government is not an efficient strategy. As a country if we fail to provide effective protocols of authentication, then we will have to expect and in fact, deal with a tremendous increase in crime rate and identity theft. (CSIS Commission on Cybersecurity for the 44th Presidency 67).
CURRENT CYBER SECURITY MEASUREMENTS
There is an exigency for prosecution of criminals who try to damage our networks, or steal our precious information and knowledge. The process of investigation is complicated and yet the success rate is still debatable, because of difficulties in locating and investigating a crime that took place remotely through global networks. However, no doubt, law enforcement agents in command are doing their best to chase each thread that could lead to a successful prosecution of those criminals. There are other challenges they are facing, may be one of them is that many of the victims in the private sector and sometimes in the government are reluctant to contact law enforcement agencies to report attempted attacks and breaches. Those companies prefer not to inform the public that their servers were hacked, a behavior that diminishes the potential power of law enforcement (Lewis).
However, law enforcement in collaboration with intelligence has already taken important steps to defend and compete effectively in cyberspace both nationally and internationally. Jerry Dixon, former director of the national cyber security division at the Department of Homeland Security, once commented on the law enforcement efforts saying, "We are constantly in the reactive mode" (Wagner). The intelligence community led by National-Security Agency (NSA) has adopted the efforts to identify hostile foreign actions, and the Department of Justice (DOJ) has persistently attempted to identify and prosecute all those involved in cybercrimes through collaboration of work with the diplomatic, military, and domestic law enforcement agencies. Moreover, the Department of Justice, through its thorough investigations, plays an important role in identifying the adversaries’ intentions and capabilities. It then provides other agencies with the gathered information. Afterwards, along with the National-Security Agency, it determines