Tuesday, September 29, 2020
Home Cybersecurity News US cybersecurity commission calls for global cooperation

US cybersecurity commission calls for global cooperation

The global commons are under assault in cyberspace. Ransomware attacks, including North Korea’s WannaCry and Russia’s NotPetya, have disrupted vital medical services and global transportation systems, costing billions of dollars. Iran and China have engaged in similar actions.

These cyberattacks are carried out by states and nonstate actors that seek to undermine global connectivity for their own interests. But like a pandemic, these attacks affect all of society. The world needs a new approach to combating how nations use cyberspace to advance their interests at the expense of people around the world.

The U.S. Cyberspace Solarium Commission was formed by Congress in 2018 to develop a strategic approach to defending the United States in cyberspace. It provided a road map for establishing cooperation and accountability in cyberspace. The commission consisted of four federal legislators, the deputies of the Department of Homeland Security, Department of Defense, office of the Director of National Intelligence and Department of Justice, and six private-sector experts. One of us, Benjamin Jensen, served as the commission’s senior research director.

The commissioners and staff conducted more than 400 interviews with cybersecurity professionals, researchers and officials in the private sector, academia and foreign governments. The commission’s final report, released in March, lays out a comprehensive plan of action based on a new strategy: layered cyber deterrence.

Layered cyber deterrence

The proposed strategy breaks new ground in two ways. First, it asserts that contrary to conventional wisdom, it is possible to deter cyberattacks. Second, the strategy calls for coordinating activities in three layers to secure cyberspace. This won’t eliminate all bad behavior in cyberspace any more than traditional law enforcement has completely banished crime in the physical world. But it will improve how the U.S. government and the private sector respond to cyberthreats.

The first layer calls for the U.S. government to shape behavior in cyberspace through diplomacy and establishing new norms. Too many states quietly condone hacking to steal, spy and threaten their rivals. These attacks rely on illicit marketplaces for malware. The key is promoting responsible behavior in cyberspace and assigning specific expectations for the roles and responsibilities of governments and the private sector.

The second layer calls for the U.S. government to make cyberattacks less effective by promoting national resilience. This approach requires securing critical networks in collaboration with the private sector. It also requires being able to conclusively identify the perpetrators of malicious actions in cyberspace. And it requires increasing the security of the cyber ecosystem. Actions in this layer include working to create more transparency in cyber insurance markets and ensuring economic continuity in the event of a catastrophic cyber incident.

The third layer calls for the U.S. government to impose proportional costs to malicious actions in cyberspace. This requires the U.S., in collaboration with allies, to maintain the capability and credibility needed to retaliate against nations and organizations that target the U.S. in and through cyberspace. The means to retaliate include legal, financial, diplomatic and cyber powers that, applied in combination, assure compelling and unavoidable consequences for transgressors.

Early action with diverse responses

The U.S. Department of Defense “defend forward” policy, laid out in its 2018 strategy, calls for detecting and responding to threats as early as possible. Early action increases effectiveness and minimizes disruption. The commission report calls for this emphasis on early detection and action to be extended to the use of all government powers. It also calls for collaborating with an international coalition that lends strength and legitimacy when responding to cyber attacks.

The three components of this proposed strategy are defined as layers because they need to be applied in combination rather than as separate remedies. In this manner the strategy brings together a diverse array of private and public capabilities, resources and authorities.

The commission’s report includes 80 recommendations for implementing the strategy. For the recommendations that require changes in law, the commission drafted legislative language to assist Congress. The recommendations set the stage for a series of public hearings and outreach to the public. Implementing the strategy will involve changes in procedure, authority, law and ultimately in the behavior of cyberspace stakeholders.

While the commission has transitioned its role to one of advocacy for the report’s recommendations, the work of transforming perceived costs and benefits in cyberspace lies ahead. It will require the work of governments, the private sector and citizens. If the strategy is implemented successfully, nations that contemplate aggression in cyberspace will get the message: if you want to beat one of us, you’ll have to deal with all of us.

 

  • Benjamin Jensen is Professor of Strategic Studies, Marine Corps University; Scholar-in-Residence, American University, American University School of International Service. Additional reporting by Chris Inglis, Distinguished Visiting Professor in Cyber Security Studies, United States Naval Academy. This article originally appeared on TheConversation.

 

Advertisement
Benjamin Jensen
Benjamin Jensen
Benjamin Jensen is Professor of Strategic Studies, Marine Corps University; Scholar-in-Residence, American University, American University School of International Service.

Stay Connected

Join Our Newsletter

Must Read

Deep learning AI stuns scientists with poetry and journalism

Seven years ago, my student and I at Penn State built a bot to write a Wikipedia article on Bengali Nobel laureate Rabindranath Tagore’s...

Spooky quantum breakthrough could change physics forever

MIP* = RE is not a typo. It is a groundbreaking discovery and the catchy title of a recent paper in the field of...

Our solar system’s four most promising worlds for alien life

The Earth’s biosphere contains all the known ingredients necessary for life as we know it. Broadly speaking these are: liquid water, at least one...

Tragic visions of tech billionaires are shaping the human world

In the 20th century, politicians’ views of human nature shaped societies. But now, creators of new technologies increasingly drive societal change. Their view of...

Related News

Deep learning AI stuns scientists with poetry and journalism

Seven years ago, my student and I at Penn State built a bot to write a Wikipedia article on Bengali Nobel laureate Rabindranath Tagore’s...

Spooky quantum breakthrough could change physics forever

MIP* = RE is not a typo. It is a groundbreaking discovery and the catchy title of a recent paper in the field of...

Our solar system’s four most promising worlds for alien life

The Earth’s biosphere contains all the known ingredients necessary for life as we know it. Broadly speaking these are: liquid water, at least one...

Tragic visions of tech billionaires are shaping the human world

In the 20th century, politicians’ views of human nature shaped societies. But now, creators of new technologies increasingly drive societal change. Their view of...

‘I choose to be a cyborg’: Why I implanted computer chips in my hands

I have computer chips in my hands. The tiny (two millimetre by 12 millimetre) glass ampules are nestled just under the skin on the back...

This site uses Akismet to reduce spam. Learn how your comment data is processed.