The world of crime has changed and the United States government has not prepared itself. Online drug marketplaces and cyber warfare have changed the face of criminality in the country and represent the largest impending threat to the nation both domestically and abroad. Addressing the threat requires acknowledging the country’s lack of preparation and finding definitive means to mitigate the danger.
The Making of Terror
Cyber warfare completely changes the landscape of not only warfare, but also international relations as a whole. Authorities currently use a slew of methods to stop international terrorism, but many of these methods are ineffective in combating cyber terror. The United States has historically used sanctions and embargos against rogue nations to deter them from committing further acts of aggression and undermining their military capabilities. Cyber attacks cannot be countered using these methods. Regardless of U.S. intent, the American government cannot stop a nation from having computers or Internet connections.
Finding those responsible for cyber attacks also proves difficult for authorities. Traditional terrorist attacks or acts of war require those responsible to have physical proximity to the act. Proximity is not necessary for a cyber attack. A terrorist cannot remotely plant a bomb, but a capable terrorist can hack into secure networks from worlds away while simultaneously masking the origin of the attack. Tor, for example, is a global network that masks IP addresses, making users nearly impossible to trace. Anyone that knows how to use it can easily use it to hack into the networks of banks to find private financial records.
Limiting the cyber capabilities of other nations would not eliminate the threat of cyber warfare. Well-trained criminals have found a new way to take advantage of this need in the market for capable hackers. A new boutique industry of cyber mercenaries has taken shape. These groups provide both public and private organizations with a critical service: finding their security loopholes. Cyber defense requires finding all potential holes in your defensive system before a hacker has the opportunity. These hackers for hire provide a private organization with the information necessary to protect their system and potentially to commit cyber attacks on other systems. Government officials still do not know for sure whether or not North Korea employed a similar group of hackers-for-hire in its attack against Sony. Stopping this type of outsourcing requires an entirely new way of thinking about international conflict.
The United States currently faces the two clear cyber security challenges, starting with the need to significantly improve the nation’s cyber capabilities. Stopping the type of aforementioned outsourcing would require unquestionable cyber superiority. Shortly after coming into office, the Obama administration released the Comprehensive National Cybersecurity Initiative geared towards preparing the nation for a new world of warfare. As a result, U.S. Strategic Command formed the Cyber Command unit with the mission of helping military personnel in the field and more specifically of “strengthening our nation’s ability to withstand and respond to cyber attack.”
The country’s defense apparatus has taken the necessary steps to accomplish this mission. Former Defense Secretary Chuck Hagel announced last May that Cyber Command would soon have a fighting force of over 6,000. Last year, the Department held its first Hackathon, which helped to find elite talents and build interest in working for the military by exposing candidates to real-world scenarios.
However, finding, keeping, and training capable security personnel poses a significant challenge. Northeastern University professor William Robertson sees part of the problem as “a lack of human capital for trained security professionals. The small number that exists tend to work for small security teams, like Google[’s] Project Zero—or go to work for boutique security firms.” Becoming a capable cyber defender requires both mundane knowledge about systems and a more sophisticated understanding of software. Therefore, “it takes a special type of person.” Reaching Secretary Hagel’s goal of 6000 defenders demands a much more methodical approach to recruitment than a hacking competition.
The Internal Threat
The second cyber threat facing the nation comes from within. At the dawn of a new age of war, we have yet to define the rules of engagement and its most basic vocabulary. At the end of the White House cyber security initiative was the goal of “[Defining] the Federal role for extending cyber security into critical infrastructure domains.” The inability to clearly define the pertinent terms for the future represents the clearest failure of the current administration in terms of cyber defense. For years now the government agencies tasked with cyber defense have struggled with defining even basic terms like what constitutes an act of cyber warfare. A clear delineation of what constitutes a cyber attack or cyber espionage will provide the foundation for how the government will respond to incidents in the future.
Both are necessary moves, as the United States is currently in the midst of a widespread covert cyber engagement with multiple actors. On one front, the Chinese have engaged in “aggressive and increasingly threatening campaign of cyber espionage.” On another, the United States is using the Stuxnet virus to impede Iranian nuclear capabilities. As Professor Robertson noted, “We are absolutely in the middle of some kind of Cold War in cyberspace” when we consider the increased level of state activity. Additionally, there is a litany of cyber attacks on private firms to consider. Spending on cyber security for a number of different government agencies, ranging from the FBI to the Department of Energy, received a bump last year. However, the proportion of spending on cyber security remains unsatisfactory and disproportionate to the size of the threat. A focused effort is required to guarantee the cyber security of America going forward.
These moves come with little time to spare. China has repeatedly proven it has the advantage. In the last two years alone the United States has blamed China for hacking not only major American companies but also confidential military weapons systems. While testifying in front of the House Intelligence committee, Admiral Mike Rodgers, the head of the National Security Agency, noted that China and potentially other nations have the capability to shut down American utilities, aviation networks, and financial systems. Cyber defense always poses a greater challenge than offensive cyber measures because a hacker only needs to find a single weakness in a country’s system. As Professor Robertson puts it, “There are more unknown unknowns in this space than known unknowns.”
Image Credit: Wikimedia/Sdverv