A New Report from a Washington D.C. think tank with ties to the Obama
Administration says the U.S. needs to overhaul its cyber security
planning and issue a kind of Monroe Doctrine for cyber space to
discourage attacks against U.S. interests.
The report, “America’s Cyber Future: Security and Prosperity in the Information Age,” was released by the Center for a New American Security (CNAS)
on Tuesday. In it, leading academics, technologists and private sector
security experts warn that cyber threats are outpacing the U.S.
Government’s efforts to counter them.
The CNAS report was released ahead of the think tank’s annual conference on Thursday and comes amid published reports that the Pentagon is ready to declare that cyber attacks and sabotage could be considered acts of war.
The past two years have seen disclosures about repeated, high profile breaches at U.S. government agencies, leading private sector firms and defense contractors. Despite that, the CNAS report maintains that the U.S. has made progress in strengthening cyber security. However, the country needs stronger and more proactive leadership from the federal government to create an environment in which “companies and researchers can innovate faster than thieves and spies.”
First and foremost, the U.S. government needs to develop and articulate a comprehensive plan for securing cyber space. The goal of the strategy is not to stamp out malicious activity online, but to set a “threshold at which it might imperil general confidence in the security of the Internet,” according to a copy of the report that was published on the CNAS Web site.
The Department of Homeland Security should become the U.S. Government’s main agency for investigating and responding to security incidents, with new and broad powers to work and share information with private sector Internet service providers.
When it comes to cyber attacks on U.S. interests, the report urges the U.S. to “outline the broad contours of a declaratory policy for cyberspace” that will make it clear that the U.S. is prepared to retaliate for attacks on its interests and describes what kinds of actions the U.S. finds “intolerable” in the cyber realm, even while leaving the question of how it might respond open.
That policy would have similar goals in cyberspace as the 19th century’s Monroe Doctrine did in the sphere of geopolitics, helping “deter the most threatening actions and strengthen(ing) America’s role as a shaper, not a victim, of developments in cyberspace,” the report concludes.
The U.S. should make clear to potential enemies that its military can operate in a command and control environment degraded by cyber attacks and clear the way for improved cyber offense, defence and cyber intelligence operations.
Beyond the domestic sphere, the report says the U.S. needs to use its international muscle to forge an international consensus on cyber security: increasing cooperation with allies and treaty parties to make information sharing, crisis response and joint military exercises around cyber incidents easier. The U.S. should increase its efforts to work with rising powers like Russia and China to develop rules of the road for cyber engagements.
CNAS was founded in 2007. The relatively new think tank took on a higher profile with the Obama Administration. The administration hired a number of CNAS employees for key posts. They include CNAS founders Michele Flournoy and Kurt Campbell, who left to become Undersecretary of Defense for Policy (Flournoy) and Assistant Secretary of State for East Asian and Pacific Affairs (Campbell).
The final report consists of two volumes: a report authored by Kristin Lord, Vice President and Director of Studies at CNAS. A second volume consists of essays on cyber security and privacy, with contributions both from within and without CNAS, including thoughts from some recent Threatpost contributing writers. Noted security expert Dan Geer of the CIA-backed venture capital fund In-Q-Tel contributed a chapter on “How Government Can Access Innovative Technology,” while Gary McGraw, the Chief Technology Officer of Cigital Inc., writes on “Separating Threat from the Hype.” James Lewis of the Center for Strategic and International Studies writes about “Why Privacy and Cyber Security Clash.”