Securing Cyberspace for the 44th Presidency
Full Title of Reference
Securing Cyberspace for the 44th Presidency
Full Citation
Center for Strategic and Int'l Studies, Securing Cyberspace for the 44th Presidency (2008). Web
Categorization
- Overview: Industry Reports
- Issues: Public-Private Cooperation, Government to Government
- Approaches: International Cooperation, Regulation/Liability
Key Words
National Cybersecurity Strategy (U.S.), E.U. Cybersecurity, Information/Intelligence Infrastructures, Outreach and Collaboration, Privacy Law, CERT
Synopsis
The Center for Strategic and International Studies began this project in August 2007, after the United States suffered a wave of damaging attacks in cyberspace. Guided by our congressional cochairs, we assembled a group of individuals with experience in both government and cybersecurity. The aim of the group was to identify recommendations that are critical to the nation's future cyber objectives. The Commission's three major findings are:
(1) cybersecurity is now a major national security problem for the United States,
(2) decisions and actions must respect privacy and civil liberties,
(3) only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will make us more secure.
Details the state of the nation's cybersecurity, and the informational losses that the United States has been subjected to. The report indicates that a primary point of confusion may be found in misinterpreting the threat of cybersecurity in an industrial era mindset, and over-relying on market based solutions arising to protect vital national interests. Also identified as a key source of vulnerability is a government organized for the industrial age, a giant hierarchical conglomerate with high costs associated with making decisions and obtaining information where crossing organizational boundaries is involved. The indicated result is a porosity that leaves information that grants the U.S. strategic advantages vulnerable and which has been penetrated.
The authors criticize CNCI as being good, but not sufficient. The initiative should not be scrapped, but should definitely be improved. Focusing only on defending government leaves abundant room for such security to be outflanked and bypassed. The core finding reported is that an attitude shift must take place with respect to cybersecurity; it must be treated as one of the dominant security challenges faced by the nation. However, such efforts must not come at the expense of American democratic traditions as they can and should offer the opportunity to reinforce these values. The authors present the successful adaptation of American policy towards Weapons of Mass Destruction and non-proliferation as a powerful paradigm for success in cybersecurity. By shifting non-proliferation to a position of primacy in international activities, the U.S. succeeded in encouraging non-proliferation to be normative in state interactions. Pushing cybersecurity to a position of prominence in present and future efforts is suggested as offering significant opportunities to improve national and global security. There are also multiple possible points of contribution identified for agencies ranging from the Department of State to the Department of the Treasury. The primary emphasis is on cultivating a norm supporting cybersecurity, rather than a specific set of regulations. The authors identify the Council of Europe Convention on Cybercrime (CECC) as one of the most important efforts in cultivating exactly the sort of norms that would help protect our vital national interests. The CECC is a multilateral treaty requiring signatory nations to create the basic legal infrastructure that fighting cybercrime requires and to assisting other nations in investigating and prosecuting cyber criminals.
Executive Summary
The Center for Strategic and International Studies began this project in August 2007, after the United States suffered a wave of damaging attacks in cyberspace. Guided by our congressional cochairs, we assembled a group of individuals with experience in both government and cybersecurity. The aim of the group was to identify recommendations that the next administration can implement quickly to make a noticeable improvement in the nation's cybersecurity as well as formulate longer-term recommendations that are critical to the nation's future cyber objectives.
Our recommendations:
Create a comprehensive national security strategy for cyberspace.
Comprehensive means using all the tools of U.S. power in a coordinated fashion-international engagement and diplomacy, military doctrine and action, economic policy tools, and the involvement of the intelligence and law enforcement communities. The acronym DIME-diplomatic, intelligence, military, and economic (and with law enforcement a crucial addition)- points to the elements needed for a truly comprehensive solution. This strategy should be based on a public statement by the president that the cyber infrastructure of the United States is a vital asset for national security and the economy and that the United States will protect it, using all instruments of national power, in order to protect national security and public safety, ensure economic prosperity, and assure delivery of critical services to the American public.
Lead from the White House.
We used the response to proliferation as a model for how to approach cybersecurity. No single agency is in charge of nonproliferation. Major agencies play key roles set by presidential directives and coordinated by the White House. This is how a comprehensive approach to cybersecurity must work. We propose creating a new office for cyberspace in the Executive Office of the President. This office would combine existing entities and also work with the National Security Council in managing the many aspects of securing our national networks while protecting privacy and civil liberties. This new office can help begin the work of building an information-age government based on the new, more collaborative organizational models found in business.
Additional Notes and Highlights
Expertise Required: Policy - Low