CYBER THREAT IN NATIONAL SECURITY

 

Abstract

An operational contemporary society depends on a multifaceted tapestry of infrastructures, including transportation, food, energy, and communication, among others. This paper critically analyzes the evolving cyber threat to national security infrastructures in the USA. The paper begins by analyzing the cyber environment and critical infrastructures. It then discusses the national cybersecurity strategy put in place by the U.S. government, as well as its limitations.

 

Introduction

The dramatic progress in information technology has led to the emergence of a new cyber domain, which has reduced barriers and increased cross-border transactions. At the same time, the progress has augmented adversity between the United States and its rivals. The responsibility to protect national security falls squarely on governments. The United States has a set of laws that address cyber threats and hold perpetrators of cyber-attacks accountable, besides allocating funds for research and educating the public on the issue. The federal government has made efforts to improve the governance and security of cyberspace; however, these regulations are limited, as evidenced by the current attacks on presidential candidates in the United States.[1] Clearly, the U.S. lacks a comprehensive national security strategy to address cybersecurity threats to its citizens effectively. Cybersecurity should not be a topic for a specialized group of people, such as experts; instead, it requires the participation of all stakeholders, including the public and private sectors and the military. The U.S. government must adopt a dynamic decision-making strategy that is informed by theory and backed by evidence. The strategy would help the government cope with unpredictable and changing cyber threats.

In the twenty-first century, cyberspace is the backbone for multiple other activities, including communication, emergency services, commerce, transportation, distribution of power plants, and military command and control, among other essential infrastructures. It describes an area in the information sector that comprises information technology (IT) infrastructural networks, including the Internet, processors and controllers, computer systems, and telecommunication networks. An increase in cyber threats reflects an increase in society’s dependence on IT. Typically, perpetrators of cyber-attacks include a diverse group of nation-states, civilians, state-sponsored groups, and individuals that target specific individuals, entities, or government agencies, including the U.S. National Security. Cybercriminals’ motive is usually to offset the U.S.’s power on the battlefield with attacks on its critical infrastructures directly at home. Thus, the federal and state governments must initiate a multilateral strategic framework that prioritizes the dynamic challenges of cyber-attack in the Information Age in support of the national security strategy.

 

 

Cyber Environment

The threat of cyber-attacks is the main motivation for cybersecurity. All levels of cyberspace, including information, people, and operational software, are vulnerable to security breaches through accident, infiltration, or attack. Typically, a malicious individual undertakes a cyber-attack through an internet-connected computer or another mobile device. Such people can often commit these crimes using limited operational and technical resources, which encourages cyber-attacks. The permeable nature of sophisticated networks makes it easy for hackers to infiltrate the target network with a limited risk of detection. These asymmetric attributes allow a cyber attacker with limited military artillery to negate U.S. military superiority. Therefore, experts should focus on designing infrastructures that are hard to breach.

Cyber threats increase with the popularity of computing and are characterized by an attacker, the system targeted, hacking activities, and the attack’s outcome. The latter includes damage to the system, losses to the victims, and negative effects on third parties, especially customers or users. The increased popularity of cyberspace, in turn, increases the availability of targets for attackers, who are becoming increasingly skilled and numerous.[2] For this reason, the users of the system should be educated to ensure their safety. Government agencies need to educate the public on the necessary steps to take in order to reduce the risk of becoming a victim. Similarly, companies should ensure that their customers take specific precautions to prevent hackers from using their information or accounts to access the company systems. Therefore, defenders of network systems must familiarize themselves with the environment of cybersecurity, including the cyber domain and the human element of the attacker.

Critical Infrastructure

Critical infrastructure systems form the lifeline of modern society in the Information Age. This is because they connect various facilities that enable certain activities. Examples include railway connections, communication channels, and flight and health services. Previously, the dependence on infrastructure was limited to physical and geographical locations. The development of technology has led to a reliance on data communication, cloud computing, and computerized systems, thus leading to the development of cyberspace. The critical infrastructure system is crucial to the United States’ national security, as it determines the ease with which cyber attackers commit crimes. Essentially, the cyber system forms the pillar of the critical infrastructure of a country. A major security event can adversely affect the reliability and safe operation of the related physical system. Past surveys by the U.S. federal government indicated that threats of cyber-based attacks were increasing both in the number of incidents and in their sophistication.[3] Cybersecurity measures classify threats to crucial infrastructure into four main categories: terrorism, sabotage, information malware, and natural disaster. The first involves individuals or groups that target essential infrastructure for political leverage. The second category involves an individual or group aiming to disrupt an agency or organization’s operation for a cause. The third category involves a private individual hacking into a system for personal gain or a nation agent initiating a cyber-attack to gather information and damage the target country’s infrastructure. The last category relates to hurricanes or natural phenomena that have the potential to cause large-scale damage to critical infrastructure, including water and power grids and oil pipelines. Thus, cybersecurity threats involve damage to physical infrastructure and disruptions through intangible components, the software.

Example of Cases of Cyber Attacks on the U.S.

In 2008, the U.S. experienced the most significant attack on its military information system network. The cybercrime involved a foreign intelligence agency deliberately placing a flash drive infected with a virus known as “Agent btz” into a military computer. The virus was a variation of the “SillyFDC” worm, which spreads by replicating itself to thumb drives and other similar devices. When the infected drive or disk is used in another computer, it infects that computer in a similar manner. The virus creates backdoors, a method of circumventing ordinary encryption or authentication in a set of commands or products across the network, thereby facilitating the download of code from control servers and the receipt of remote commands.[4] The code then spread across the Secret Internet Protocol Router Network (SIPRNet) and the Non-Classified Internet Protocol Router Network (NIPRNET) without being detected. Agent btz infected over 15,000 networks and 7 million devices across the entire U.S. military cyber domain, including those based in foreign countries.

Homeland Security deemed the event classified, and the Department of Defense (DoD) began Operation Buckshot Yankee to resolve the cyber-attack. All government employees and service members were ordered to stop using personal portable hard drives and flash drives, which connect through the Universal Serial Bus (USB). The national security team undertook routine scans across the entire military and government networks to ensure compliance with the order. The operation, which involved the Pentagon, took 14 months to clear the vulnerability.[5] This reflects the extent of damage that such a cybercrime could have on a government agency. Because the operation was classified, the Pentagon did not reveal the number of computers infected with the virus or the amount of information the U.S. military lost. The agency’s tortuous work did inspire the U.S. military to confront the U.S. Cyber Command in charge of defending the DoD network.

 

On July 4, after North Korea began its testing, cyber attackers launched a massive cyber-attack on websites in both the U.S. and South Korea. The attack element was a botnet virus, presented as a group of zombie computers that were under instructions to ping a range of government websites in the two countries continuously. A second phase of the cyberattack infected between 30,000 and 60,000 computers, although this time it was focused solely on South Korean cyberspace. The attack targeted vaccine companies, Web portals, and financial institutions, besides government organizations’ websites. The decision to shift the focus to North Korea came about after the U.S. government and corporations outsourced Internet Service Providers (ISPs) to block the attacks.[6]

On July 10, 2009, the attackers launched the final wave of the attack. The attack, which was launched from 166,000 computers across 74 countries, targeted the same sites in South Korea, but it did not attempt to seize control of any government system. Ultimately, the attacks subsided, and the team of software engineers involved contained the damage. An investigation into the cybercrime revealed that the virus was sending information to 8 servers, which were hosted in the U.S., Germany, the country of Georgia, and South Korea. Further investigation revealed that a server hosted in the United Kingdom controlled the eight servers. Outsourced internet security agents later discovered that a server hosted in Miami, Florida, controlled the U.K. server through a virtual private network (VPN) to mislead investigators about its true identity and location.[7]

The U.S. Cyber Security Strategy

U.S. national security officials first recognized the impact of cyber threats in early 2000, when they had become more common and disastrous. The government took a leading role in structuring a cybersecurity strategy for the U.S. These steps led to the creation of the Homeland Security Presidential Directive 7 (HSPD-7) and the National Strategy to Secure Cyberspace in 2003. In 2008, President George W. Bush launched the Comprehensive National Cybersecurity Initiative (CNCI).[8] Later, President Obama launched the Cyber Policy Review in 2009. However, the government struggled to provide a comprehensive strategy that was relevant to the emerging trends in cyberspace. The rigid nature of a bureaucratic system constitutes an impediment to fighting cybercrime, as it does not adjust effectively to the rapidly changing cyber environment.

The National Strategy to Secure Cyberspace (NSSC) formulated by President Bush’s administration recognized the need for a global partnership to fight against cyber assaults. The directive recognized that countries must cooperate in raising awareness of cyber threats, enhance the sharing of information between countries, support global security standards, and facilitate the investigation and prosecution of perpetrators of cybercrime.[9] Notably, the strategy recognized the lead agencies, including the DoD and the Department of Treasury, and their cybersecurity sectors. The Homeland Security Presidential Directive 7 augments the NSSC by outlining the agencies’ responsibilities at all government levels in safeguarding critical infrastructures.

 

The National Security Presidential Directive 54 established the CNCI, which concentrated on protecting the information systems of the executive branch of the government. It integrates an initiative to build a strategy to deter interference and cyber-attacks by enhancing the system’s warning capabilities and developing responses for public and private actors, besides explaining roles for the private sector and global partners. However, this initiative was limited because it focused mainly on securing the network of the executive branch of the government from cyber-attacks.

The subsequent Cyberspace Policy Review evaluated the state of the U.S. cyber defenses, which expanded the 2008 CNCI and encouraged transparency to enable the participation of governments, industry, academia, and individuals. Similarly, these efforts were limited regarding the delivery of an effective national strategy (Sims 2011). President Trump’s administration expanded his predecessor’s review of the cybersecurity strategy. It increased the nation’s focus on improving international partnerships regarding the investigation of potential cyber-attacks. The U.S. will create interoperable and mutual systems to promote efficient cross-border information traffic to facilitate law enforcement and mitigate coordination obstacles. The Trump administration promised to promote effective use of existing global infrastructures such as the United Nations Convention Against Transnational Organized Crime as well as the G7 Network Points of Contact, which operates non-stop.[10] The administration also vowed to expand the global consensus in favor of the Budapest Convention. Moreover, the president focused on developing an exceptional cybersecurity workforce equipped to address any cyber threats against the U.S. in liaison with other global experts and networks. It also promised to build and sustain a talent supply pipeline and expand re-skilling and educational opportunities.

Limitations of Cyber Security Strategies

Many developed countries have strategies for countering cyber-attacks. However, such strategies have proven to be limited with regard to preventing cyber-attacks. Kovacs argues that these strategies consist mainly of static documents that can only partially address the dynamism of cyberspace.[11] Such deficiencies in cybersecurity defense explain why cybercrime continues unabated and why solutions more robust than those currently available are essential.

The above cyberattacks disclose the challenges that the volatile cyber threat poses to national security defense. The cases reveal the limitation of authority across the globe. Apparently, the cases showed that attackers enjoy the liberty to launch an attack whenever and wherever they desire, forcing the target to safeguard its entire network consistently. The attack could be of any magnitude, novelty, complexity, or scope. The anonymity of cyberspace enables cybercrime perpetrators to hide their geographical location and deny responsibility for their crimes.

As of 2009, the U.S. laws directed towards cyberspace operations were decades old and irrelevant in the current cyber-centric age. Moreover, the laws were applicable to U.S. local jurisdictions only. Some provisions of the traditional law of armed conflict are relevant, although some aspects of the law are insufficient in deterring hostile acts or in curbing the potential escalation from cybercrime.[12] Internal laws, such as national criminal laws and the law of armed conflict, do not effectively deter cyber actors from pursuing their objectives at the costly expense of the U.S. National Security. The former president of the United States, Barack Obama, undertook a Cyberspace Policy Review that highlighted the U.S. need for a cybersecurity strategy developed to influence the global environment and bring the United Nations together in agreeing on a range of issues, including use of force, sovereign duty, technical standards, and legal rules concerning territorial jurisdiction.[13] Indeed, cybersecurity laws must be broad to cover technological innovations, but also customized to leverage the strengths of the agencies that will be responsible for their enforcement and application. The UN must pass laws unique to cybersecurity, such as those regarding the justification to engage in war and the limits to tolerable wartime conduct. The body of law will help international authorities prosecute cyber attackers, thereby deterring potential or existing attackers from committing or continuing the crime. Countries must come together to enact policies and legislation that cover forecasted trends in the cyber environment and technological progress.

During President Obama’s first term, legislation that crossed international borders and targeted cybersecurity was limited. Legal ambiguities and inconsistencies across states’ legal systems protected the cyber attackers. Also, international laws lacked a compulsory penal system for cyber offenders. Instead, they used an ad hoc system to assign alleged cyber attackers to a state for prosecution, which may not conform to the international community standards. The Cybersecurity Strategy Formulation Model promised to offer a medium for integrating global efforts and facilitating a consensus on legal steps. Nevertheless, questionable physical locations of cyber attackers, the increasing sophistication of cyber threats, and limited lexicons unique to cyber challenge the international initiatives. Thus, the legislative framework for cyber had to be amended with national and international inputs to form a versatile decision-making process that would create laws specific to cybercrimes that traverse states.

Recommendations

The U.S. has successfully addressed different cyber-attacks tactically but has approached cyber threats in a bureaucratic manner, which has been antiquated and irrelevant to safeguarding Americans and the government against fast-changing cyber threats during the Information Age. Preemptively addressing the indications of cyber assaults without a strategy is not enough, and therefore, the government had to initiate a solution that will intercept the attackers and their actions, and enforce punitive measures that both national and international laws support. U.S. policymakers and defenders must adopt prudent measures to identify policies that enhance information dissemination between internal and external entities. Notably, government agencies at all levels must liaise with the private sector, which owns the majority of information and communication networks, and with international allies. The global community must be willing to support such contingency exercises as Cyber Storm, which tests communications, policies, and procedures between the public and private sectors in relation to diverse cyber-attacks. The partnership will enable the participants to identify the points that require additional improvements. The Cyber Storm participants included the U.K., Canada, Australia, and New Zealand, which were few. Nevertheless, it strengthened the U.S. cybersecurity preparedness and response strategies by adapting the experiences from the drill.[14] Cyber Storm is a valuable tool for formulating inclusive security policy. Whereas the exercises constitute a starting point that the countries could adapt to the observation phase, the fast-evolving cyberspace requires a flexible routine process. The U.S. should conduct the exercise more frequently than the traditional 1-to-2-year interval.

Conclusion

The U.S. faces certain challenges in relation to the cybercrime characteristic of the Information Age. The previous administration did adequately consider the approaches to cybersecurity issues. The challenges in addressing cyber-attacks are attributable to the anonymity of the Internet and the deficiency in existing codes to detect attacks. The partnership between countries is essential in the fight against cybercrime. However, economic and military rivalry tends to hinder inclusivity in the proposed international strategy to counter cybercrime.

Bibliography

 

Clarke, Richard A., and Robert K. Knake. Cyber War (New York: HarperCollins Publishers, 2010), 25.

Department of Homeland Security. Cyber Storm Exercise Report (September 12, 2006): 3.

Harrop, Wayne, and Ashley Matteson. “Cyber Resilience: A Review of Critical National Infrastructure and Cyber Security Protection Measures Applied in the UK and USA.” Journal of Business Continuity & Emergency Planning, 2013.

Lord, Kristin M, Travis Sharp, Contributors Robert E Kahn, Mike Mcconnell, Joseph S Nye, Peter Schwartz, Nova J Daly, et al. “America’s Cyber Future Security and Prosperity in the Information Age.” Center for a New American Security, 2011.

Robert Kehler, C., Herbert Lin, and Michael Sulmeyer. “Rules of Engagement for Cyberspace Operations: A View from the USA.” Journal of Cybersecurity, 2017.

Rudner, Martin. “Cyber-Threats to Critical National Infrastructure: An Intelligence Challenge.” International Journal of Intelligence and CounterIntelligence, 2011.

Sims, Jonathan W. Cybersecurity: The Next Threat to National Security. (MARINE CORPS COMMAND AND STAFF COLL QUANTICO VA, 2011):16

The White House. The National Strategy to Secure Cyberspace. GOV US Executive Branch, 2003.

The White House, Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure (2009)

Todd C. Huntley, “Controlling the Use of Force in CyberSpace: The Application of the Law of Armed Conflict During a Time of Fundamental Change in the Nature of Warfare,” Naval Law Review (2010): 2.

 

Kovacs, Laszlo. National Cyber Security as the Cornerstone of National Security. Land Forces Academy Review, vol XXIII, (2018):118

[1] Wayne Harrop and Ashley Matteson, “Cyber Resilience: A Review of Critical National Infrastructure and Cyber Security Protection Measures Applied in the UK and USA,” Journal of Business Continuity & Emergency Planning (2013):149

[2] C. Robert Kehler, Herbert Lin, and Michael Sulmeyer, “Rules of Engagement for Cyberspace Operations: A View from the USA,” Journal of Cybersecurity (2017):69

 

[3] Martin Rudner, “Cyber-Threats to Critical National Infrastructure: An Intelligence Challenge,” International Journal of Intelligence and CounterIntelligence (2013):455

[4] Sims, Jonathan W. Cybersecurity: The Next Threat to National Security. (MARINE CORPS COMMAND AND STAFF COLL QUANTICO VA, 2011):16

[5] Sims,17

[6] Clarke, Richard A., and Robert K. Knake, Cyber War, (New York: HarperCollins Publishers, 2010), 25. Department of Homeland Security, Cyber Storm Exercise Report (September 12, 2006): 3.

 

[7] Sims,19

[8] Kristin M Lord et al., “America’s Cyber Future Security and Prosperity in the Information Age,” Center for a New American Security (2011).

[9] The White House, The National Strategy to Secure Cyberspace, GOV US Executive Branch, 2003.

[10] The White House, The National Strategy to Secure Cyberspace (Washington, D.C., February 2003):51.

 

[11] Laszlo Kovacs, National Cyber Security as the Cornerstone of National Security. Land Forces Academy Review, vol XXIII, (2018):118

 

[12] Todd C. Huntley, “Controlling the Use of Force in CyberSpace: The Application of the Law of Armed Conflict During a Time of Fundamental Change in the Nature of Warfare,” Naval Law Review (2010): 2.

 

[13] The White House, Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure (2009)

 

[14] Kovacs, 120
