IMPLEMENTING AN EFFECTIVE CYBERSECURITY STRATEGY

IMPLEMENTING AN EFFECTIVE CYBERSECURITY STRATEGY

SIGNAL MAGAZINE - ERIC HIPKINS
SEP. 24, 2018

Responsive measures, definitions and diplomacy are crucial.

Recently, Secretary of State Michael Pompeo, in response to Executive Order 13800, released recommendations to the President of the United States on the subject of cybersecurity. Included was an emphasis both on domestic policy and international cooperation to achieve several key diplomatic, military and economic goals. The specific focus on international cooperation is a big step in the right direction. The United States has a chance to demonstrate international leadership on a complex issue, while setting the groundwork necessary to protect national interests. In order to be successful, the administration will have to get at least three things right: a full appreciation for the operational space, an understanding of the wide range of threats and how diplomacy can be used to achieve both international and national goals.

Some people tend to romanticize the world wars of the early twentieth century. Obscuring the bloody truth is a comfortable notion that it was a “simpler” time. This rosy-colored take pits clear allies with clear objectives against clear foes on clear battlefields. These were fights between good and evil, them and us. These binary interpretations are dramatic erosions of much more complicated matters. If there is one area that captures perfectly the complications of warfare, it exists today in cyberspace.

The cyber landscape is vaster than the Western Front; it is never quiet. Rapid growth in both mobile and the burgeoning Internet of Things (IoT) have successfully pushed the population of Internet-connected devices higher than that of all the people on Earth. These devices have the ability to host traditional and legitimate content as well as serving as part of a malicious command and control network. In cyberspace, there are no oceans, mountain ranges or dense cities. Attacks can be highly targeted and executed at the speed of light, worldwide. And, aside from some countries where the Internet is regulated, data flows the same in Europe and Japan as it does in the Americas. In a borderless world, international cooperation can greatly reduce the likelihood of undesirable actions, digital invasions, plundering by protocol.

The issues of cybersecurity and cyberwarfare are further complicated by the sheer number and variety of threat actors in the space. One of Secretary Pompeo’s stated goals is to “improve the ability of the United States to deter malicious cyber actors.” The specifics are less clear, even in the Office of the Coordinator for Cyber Issues’ more detailed memo. What makes one a cyber terrorist? How should the U.S. and broader international community define a state actor? Given the similarity in available tools, how should countries mete out justice for a nation state versus a curious young hacker? These definitions are still lacking. However, if the secretary’s recommendations are put into action, then this is just the beginning. Through international cooperation, the U.S. can help lead in answering these questions, while strengthening relationships abroad.

This article was originally posted by SIGNAL Magazine. Click here to view the full article on their site.