Winning the Cyber-War Under Trump
An overflowing plate of urgently needed new policies to act upon will be waiting on President Donald J. Trump's desk when he takes office on January 20, 2017. Few are as pressing as the need to lead a new national effort for securing our cyber communication infrastructure.
It is no secret that the security of the U.S. cyber infrastructure is essential to the functioning of the electric grid; our defense; communication; transportation; industry; finance; health of and everything electronic we use in our daily life. And it is no secret that during his two terms in office, President Obama failed to secure the U.S. cyber infrastructure and paid little if any attention to timing and location services that are essential for unobstructed cyber activity.
The growing dependency on wireless technology and services and lack of adequate security led to an escalation in cyber-attacks. Substantial segments of the U.S. economy have already been harmed. State- sponsored hackers, as well as lone actors, were able to steal millions of documents detailing the country’s most critical national security and business secrets. Others have stolen untold amounts of money and disrupted out financial markets activities.
It seems that the rapid pace at which cyber-related architectures and wireless technologies are evolving have apparently presented an insurmountable barrier to most of our technologically-challenged policymakers. During his two terms, President Obama issued some executive orders on critical infrastructure and cybersecurity. But lacking direction, the executive branch, and its agencies have failed to secure the nation's cyber infrastructure. The Czars and advisors he appointed to oversee different elements of cyber security, failed because of lack of leadership to coordinate the efforts. Thus the nation's cyberspace security became increasingly vulnerable.
Only after WikiLeaks began releasing the email correspondence between Hillary Clinton and her supporters, which were conducted on her private non-secure server, did Obama issue Presidential Policy Directive -41. Called the United States Cyber Incident Coordination, the directive put the FBI in charge of responding to all cyber threats. This was necessary, said his homeland security adviser, Lisa Monaco, "because it's not always clear whether those responsible for a hacking incident are other countries, terrorists or criminals." This directive identified the responsible federal agencies, to "help answer a question heard too often from corporations and citizens alike: In the wake of an attack, who do I call for help?" Ms. Monaco noted that "other agencies will also have significant roles in helping to prevent and mitigate the effect of cyber intrusions." These include the Department of Homeland Security and the Cyber Threat Intelligence Integration Center. But this will do little to undo the huge damage that was already done to the U.S. economy, military, and its national security.
The lack of attention for toughening timing and location infrastructure, and the lack of a single accountable department to direct all the agencies that are involved, increased the U.S. voluntarily to cyberattacks.
Turning the NSA into a Cabinet office of the National Information Security (NISD) Department would not only help the unite our cyber defense, but would help to cut down on bureaucracy.
The NIS should ensure that policies and definitions of cyber include timing and location services, such as GPS (Global Positioning System). This classification would help coordinate the efforts to increase resiliency capabilities and would help minimize, and possibly prevent, purposeful interference with our cyber infrastructure, and enhance our defense capabilities.
The NIS would be in charge of uniting and overseeing the necessary actions needed to secure the nation’s cyber infrastructure from any interruptions. It should be in charge of all U.S. efforts to develop, build and use new resilient capabilities and devices and ensure the delivery of accurate timing and location data by the GPS, and our ability to defend against attacks and or natural interference.
The new cyberspace security policy should look beyond just "space-based" assets and GPS. It should be looking at the larger cyber infrastructure. It should be responsible for developing more resilient devices with access to multiple alternative sources for our nation's cyber infrastructure, which is dependent on GPS for precise time and location-based services.
A cyberattack or worse, activating an electromagnetic weapon (EMP), by exploding a nuclear device in the atmosphere above parts of the U.S., as former House Speaker Newt Gingrich described, "would totally devastate our entire electrical grid and cyber communication networks and disable our critical infrastructure. Such an event would destroy our complex, delicate, high-tech society in an instant and throw all of our lives back to an existence equal to that of the Middle Ages. Millions would die in the first week one." This very real threat of an EMP attack on the U.S. has been debated in Congress, discussed in the media and featured in film. Yet, the Obama Administration failed to prepare adequate measures to mitigate the threat.
To better protect our economy, society, and government, we must immediately expand the current policies into a broader "position, navigation and timing" policy with a central authority and holistic approach for:
(1) overseeing, managing, and prioritizing U.S. efforts, (2) centralizing all research and development of location services, and timing solutions and technology, (3) gathering, maintaining, and adapting, in near real-time, civil user-defined requirements, (4) clearly delineating between government and private sector capabilities and responsibilities for provisioning, (5) clearly placing all forms of harmful interference, data manipulation, equipment vulnerabilities, and capability disruption(s) into the cyber response planning framework, and (6) leveraging cyber reporting to include GPS and other forms interference and disruptions.
Our timing and location resilience should have both a space-based and ground-based PNT solution. This does not mean that the government needs to own and operate all capabilities. We could leverage public-private partnerships to meet this effort. But this needs to be coordinated and funded by the highest levels of the Executive branch.
America is a just one second away from an attack on its cyber infrastructure. Securing the system is a priority. To hit the ground running, the Trump Administrations needs a needs a new policy, and an accountable leadership with an action plan ready on their first day in office.
Rachel Ehrenfeld is director of the Economic Warfare Institute at the American Center for Democracy.