Promises and Pitfalls of the National Strategy to Secure Cyberspace - Panayotis A. Yannakogeorgos

INTRODUCTION:
Human activity is increasingly being transferred to, and becoming reliant on, cyberspace. Governments, militaries, critical infrastructures, businesses, and societies now depend on information and communications technology (ICT) to function. The reliance of the United States on such systems, the possible misuse of the cyber-domain by violent non-state actors such as terrorists, and the proliferation of nation-state strategic information warfare programs have raised awareness of the need to incorporate cybersecurity strategies into U.S. foreign and national security policies. To date, there has been no (unclassified) large-scale, nationally significant event from which to judge the costs of an attack on ICT critical to U.S. national security. Other nations have not been as fortunate. Russian hacker-networks indirectly linked to the Kremlin opened a devastating cyber-front against Estonia in 2007 as part of a political protest. During the recent war against Georgia, Russian hackers instigated a front in cyberspace the night before conventional forces began their operations. Over the years, in the United States, Chinese-based hacker networks have managed to extract forty terabytes of information critical to U.S. national security from cyberspace. Many military analysts believe cyber defense and attack will be vital to future military efforts.
STRATEGY:
The National Strategy to Secure Cyberspace (NSSC) is the codification of earlier Presidential Directives and laws into a coherent national strategy. As per NSSC mandate, the Department of Homeland Security (DHS) is assigned as the lead agency to serve as a federal focal point for the coordination of government and industry cybersecurity efforts. As noted in the Cyber Incident Annex of the National Response Framework, during a cyber-attack, the Interagency Advisory Council (IAC) and National Cyber Response Coordination Group (NCRCG) are the main mechanisms activated to coordinate the interagency response within the National Cyber Security Division (NCSD) at DHS. Upon the detection of an attack, the IAC, comprised of senior representatives from 13 Federal agencies, is activated by the Director of Homeland Security. The NCRCG provides expertise to the IAC and facilitates a harmonized response to a cyber-attack. To date, these mechanisms have only been activated during crisis management exercises. Additionally, the NSSC grants private industry significant responsibility to secure cyberspace. This element of strategy has drawn criticism from experts. Further, modifications to the NSSC were made with the issuance of the classified Presidential Directive 54/Homeland Security Presidential Directive 23 in 2008, which detailed a Comprehensive National Cybersecurity Initiative (CNCI). Part of this initiative is the creation of the National Cyber Security Center (NCSC) within DHS to secure cyberspace vital to national security.

INTEGRATED ELEMENTS OF NATIONAL POWER:
The implementation of the NSSC strategy for responding to and preparing for cyber-attacks among agencies and departments has proceeded well in most key areas. The DHS/NCRCG/IAC have demonstrated through crisis management exercises their utility in coordinating a response to a cyber incident of national significance. However, there is a significant lapse in implementing the cybersecurity strategy within individual agencies/departments. To address this, the NCSC is tasked with securing all federal information systems. Another point of concern brought up in the secondary literature with regard to cooperation involves information sharing limitations between DHS and the private sector, since the private sector tends to withhold information on the threats to and vulnerabilities of their systems out of fear that their customers will discontinue use of a service after discovering a network's weakness.

EVALUATION:
Following the guidelines of the NSSC, DHS has produced an interagency mechanism to secure cyberspace. However, DHS exercises indicate that limitations exist in implementing the strategy due to the technological complexity of the subject and lack of private-sector understanding of federal security postures after activation of the IAC and NCRCG. In addition, competing priorities and limited resources and cybersecurity personnel are problems. Further, the private sector's and intelligence community's unwillingness to share information with non-members of their respective organizations contributes to the weakness of current cybersecurity efforts. This, combined with similar secrecy concerns within DOD, obstructs cybersecurity information sharing. Overlapping responsibilities with various DHS units, limited available resources to deal with the multitude of competing priorities, redundant capabilities in various government departments and agencies, and the lack of an integrated mechanism for coordinating response are additional variables contributing to the weaknesses in the strategy. Finally, the inherent insecurity of Internet communication protocol, domain name-server, and other technical variables makes pinpointing the origin of an attack difficult, thereby complicating the response to a security breach.

RESULTS:
The United States continues to face significant risk from cyber-attacks. Although DHS leads the interagency response to such threats, and DOD is also organized and equipped to respond to cyber-attacks, failure to plug holes in federal and private critical information systems leaves U.S. cyberspace interests vulnerable to both amateur and professional attackers. Thus far, cyber-assaults of particular note have been Chinese efforts. These attacks are best described as cyber-espionage since their scope is geared more toward gathering information than destroying ICT. Yet, it has been noted that the full extent of such attacks cannot be known, and it is possible that the hacker networks responsible for carrying them out have left computer programs that may allow for future access to the U.S.'s critical information infrastructure.

CONCLUSION:
To date, the cybersecurity strategy and U.S. organizations responsible for securing ICT remain in a state of near constant flux. Overall, the government has been generally flexible in adjusting its cyber strategies as necessary, and despite its flaws, the NSSC has brought a degree of organization to the interagency. The anti-regulatory framework remains a critical flaw in current national cybersecurity strategy since private industry is not likely to fully disclose threats and vulnerabilities to information systems.



