by Sean Mossey
Public Policy student at the McCormack Graduate School
October 19th’s Presidential debate saw Secretary Clinton and Moderator Chris Wallace make only brief mention of the topic of State sponsored cyber aggression before moving on to other policy topics. The moderator and presidential candidate made mention of the topic as it related to recent reports of Russian cyber aggression against the U.S., with Secretary Clinton condemning such Russian cyber espionage. In light of the debate and with October being National Cyber security month, the U.S. government and policy makers need to bring the discussion of cyber security to the forefront of policy discussion. Central questions become: What role the government have in confronting, specifically, State sponsored cyber terrorism. What is the role of the individual citizen or business in response to these threats?
Cyber attacks are not a new phenomenon and those wishing to harm America and its people have targeted this now critical and widely implemented infrastructural base. Further, attacks do not extend solely to federal government entities, but recently attacks have come against some of the United States most lucrative private online presences such as Apple, Facebook, and Yahoo (https://www.hsdl.org/?view&did=737795.
Nearly 50,000 cyber security incidents were reported in 2012 by federal agencies compared to 2006 with 5,500 reported. This shows a ten-fold or 1,000 percent increase in attacks (https://www.hsdl.org/?view&did=737795). Overall, since 2006 this number has risen nearly 13,000% as gateways and channels have evolved and the devastating effect of cyber attacks has proceeded with increased informatization (http://www.thefiscaltimes.com/2016/06/22/Cyberattacks-Against-US-Government-1300-2006).
Further, the scope of the problem has expanded and is present in a more decentralized fashion. Whereas many attacks had targeted the federal government prior to 2006, the targets of the 2012 attacks ranged from children utilizing the internet at home to top level government officials. Further, the gateways being utilized by cyber aggressors, then, have evolved enormously (https://www.hsdl.org/?view&did=737795). Cyber terrorists in particular may seek to disrupt and harm the system in order to instill fear and destroy critical infrastructure. These threats could be both foreign and domestic, and cyber spies and thieves may seek information within a system for financial gains through exploitation of the cyber system. These attacks are often harder to pinpoint and attack in local government, state government, and private entities vs. those of the highly defended federal entities (https://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity).
Further, nation-State sponsored cyber terrorism transcends attacks perpetrated by non-state hackers in attempts to gather information. Nation-State actors utilizing highly trained personnel and participating in highly coordinated, highly managed, and well-funded cyber attacks present an even greater threat to Americans. This is becoming an increased concern for The U.S. Government and DHS, with the Obama administration enacting numerous policies to try and increase Americas cyber security efforts (https://www.hsdl.org/?view&did=787846)
While an untraceable cyber aggressor is quite obviously of concern, evidence that points to State actor cyber aggression presents numerous additional problems in regard to foreign relations and international trust. Particularly, evidence has pointed to state sponsored and the highly organized efforts of specialized “cyber-attack units” in bringing about cyber aggression. The PLA (People’s Liberation Army) of China in particular have come under scrutiny for their aggression. In 2013, a highly organized Chinese military unit came under scrutiny for apparently operating under PLA supervision and via the orders of the Chinese government to conduct cyber attacks against U.S. and other foreign entities (http://www.economist.com/blogs/analects/2013/02/chinese-cyber-attacks). There is evidence that these attacks are still persisting despite pledges by China to cease attacks (http://freebeacon.com/national-security/china-continuing-cyber-attacks-on-u-s-networks/). Further, there have been reports of Russian attacks against Ukrainian power systems that could have been perpetuated by State sponsored entities that are characteristic of cyber warfare tactics (http://www.reuters.com/article/us-ukraine-cybersecurity-idUSKCN0VY30K).
The role of the government in preventing such attacks is of importance. The constant need to prevent physical terrorist attacks or those related to natural disasters still exists, but resources now need to be stretched more thinly in order to combat the new cyber threat.
However, the government has encountered problems as civil liberties become difficult to balance with increased cyber security needs that require the monitoring of endless data and information across a wide variety of platforms. In addition, many experts and government officials have concluded that cyber security efforts must run in accordance with the Constitution and American values. Michelle Richardson, a representative of the Civil Liberties Union, stressed that many issues concerning cyber security proceed via malware, and financial crimes that do not rise to the level of international incidents do not warrant military cyber defense. The concern and solution, then, of many experts is to emphasize the importance of keeping cybersecurity in private and civilian agencies, while bolstering national defense efforts as long as they do not compromise civil liberties (https://www.hsdl.org/?view&did=733614)
The role of the federal government, and by proxy the Department of Homeland Security is then of question. Further, the response capabilities of State, local, private, and citizen actors must be addressed to prevent current and future detrimental cyber aggression. The dynamics of privacy and security present constant concern as governments attempt to protect citizens without violating their rights to privacy. How then will we do our part as citizens to combat cyber terrorism? While the Federal government focuses on improving their cyber capabilities and dealing with the dilemma of State sponsored cyber terrorism, there is an ever increasing need to maintain existing preventative measures, while also evolving measures to limit future threats by all actors. Every citizen needs be aware of the implications of a cyber attacks against their own person, and the effect it can have on them. By raising awareness in multiple industries along with greater focus on educating citizens regarding cyber threats, vulnerabilities to cyber-attacks can be limited through the use of protective software. With most attacks proceeding through small channels, which could lead to the exploitation of certain key elements of the system a multifaceted and unitary approach to cyber aggression is a first step toward limiting vulnerabilities in all sectors of the government (http://www.nytimes.com/2013/03/29/technology/corporate-cyberattackers-possibly-state-backed-now-seek-to-destroy-data.html).
Sean Mossey is currently pursuing his PhD in Public Policy at UMass Boston’s McCormack Graduate School. He is the current student representative for the Northeastern Conference on Public Administration (NECOPA). His research interests and competencies include e-government, m-government, information security policy, quantitative analysis, global comparative policy, and organizational theory.