Foreign Policy Blogs

Blinking Red: Reconsidering U.S. Approaches to Cybersecurity

Blinking Red: Reconsidering U.S. Approaches to Cybersecurity

The Center on Sanctions and Illicit Finance (CSIF) recently hosted a series of discussions on “Securing American Interests: A New Era of Economic Power.” They addressed questions of economic and financial power, economic statecraft, and national security, including new offensive and defensive options for the United States. Wide-ranging discussions covered terrorist financing, financial crimes, sanctions as policy, foreign asset control, non-state actors, alternative currencies, and other Department of Treasury concerns.

Cybersecurity was approached from a singular, sober starting point. John Carlin, a former U.S. Assistant Attorney General for National Security, stated plainly:

There’s no excuse not to know that the system is blinking red when it comes to the potential for a major national security-driven cyber incident to hit our critical infrastructure in a way that causes major economic issues.”

We pledge every year, Carlin continued, that this is the year we will strengthen our defenses, but each year we continue to leave ourselves vulnerable.

A number of big-picture questions were considered, at the geo-strategic level. What are the new international rules? How can the U.S. and its allies help develop these rules? How can new norms and values take shape, with bilateral and multilateral agreements? How can the U.S. and its allies develop agreements with other nations of concern? What will it mean to monitor—and enforce—such agreements? At what point does NATO’s Article 5 take effect, where “an armed attack against one… shall be considered an attack against them all,” provoking allied military response?

The panel outlined a variety of recent cyberattacks and cybersecurity concerns by U.S. adversaries. Among these: Russia‘s release of Democratic National Committee emails to influence the U.S. presidential election, the ongoing theft by China of U.S. industry’s intellectual property and interest in infrastructure controls, Iran‘s attacks on U.S. infrastructure and financial institutions, and North Korea‘s attacks on U.S. media and South Korean financial and military assets.

China garnered special attention. Carlin cited Gen. Keith Alexander, former head of the NSA and Cybercom, calling China’s theft of U.S. intellectual property “the greatest transfer of wealth in human history.” Peter Harrell of the Center for New American Security judged that this IP theft is “beginning to reach a macroeconomic level of risk.” CSIS fellow Zach Cooper noted that China’s cyber efforts are being complemented with strategic investments, “often in dollar amounts that don’t make sense, around U.S. military bases” in the western Pacific Ocean.

Two important insights identified that cybersecurity needs to be seen within larger contexts, instead of only as an isolated, distinct domain. First, we don’t think of security questions by air, land, sea, and space separate from each other. Similarly, we need to think of cyber as one option in a multi-pronged attack. Second, and perhaps more challenging, the panel continued, the United States should think of cyberattacks not as from one country or another, but as multilateral attacks against the U.S. economy, critical infrastructure, and national security assets.

Harrell noted that the U.S. has never had “any systematic evaluation of vulnerabilities either of us or of our close allies and thinking through, in a more systematic way, how do we want to be positioned to play defense for the long term.”

Recommendations included the usual government-industry cooperation, and the need to innovate—this is still new policy-making, in many ways. Traditional statecraft remains important, such as private communications with China instead of public “red lines,” supported by “mundane transgovernmentalism“—technical cooperation among the bureaucratic agencies of allies. Can we use Cold War-era concepts of signaling and deterrence (Harrell) to combat China’s “ambiguity, asymmetry, and incrementalism” (Cooper)?

Cyber is a giant and growing area of military and economic vulnerability for the U.S. and its allies. The CSIF event showed that while some progress is being made in important areas, we need to examine and address the host of issues in a comprehensive way—and soon.

An earlier version of this appeared at Giga-net.org. Video and transcripts from the event are at http://www.defenddemocracy.org/events/securing-american-interests/. All quotes here are from the session on “Shoring Up Our Defenses Against Emerging Threats of Economic Warfare.

 

Author

Jim Quirk

Jim Quirk teaches American and comparatiive politics at American University in Washington, D.C. He has taught at Loyola University Maryland, The Catholic University of America, and the University of Economics in Varna, Bulgaria. His favorite projects have included work with in Mexico, Russia, the Balkans, the Kurdistan Region of Iraq, OSCE, IEEE, and the Open World Leadership Center. He tweets from @webQuirks