Friday, June 5, 2020
Home Cybersecurity News US cybersecurity commission calls for global cooperation

US cybersecurity commission calls for global cooperation

The global commons are under assault in cyberspace. Ransomware attacks, including North Korea’s WannaCry and Russia’s NotPetya, have disrupted vital medical services and global transportation systems, costing billions of dollars. Iran and China have engaged in similar actions.

These cyberattacks are carried out by states and nonstate actors that seek to undermine global connectivity for their own interests. But like a pandemic, these attacks affect all of society. The world needs a new approach to combating how nations use cyberspace to advance their interests at the expense of people around the world.

The U.S. Cyberspace Solarium Commission was formed by Congress in 2018 to develop a strategic approach to defending the United States in cyberspace. It provided a road map for establishing cooperation and accountability in cyberspace. The commission consisted of four federal legislators, the deputies of the Department of Homeland Security, Department of Defense, office of the Director of National Intelligence and Department of Justice, and six private-sector experts. One of us, Benjamin Jensen, served as the commission’s senior research director.

The commissioners and staff conducted more than 400 interviews with cybersecurity professionals, researchers and officials in the private sector, academia and foreign governments. The commission’s final report, released in March, lays out a comprehensive plan of action based on a new strategy: layered cyber deterrence.

Layered cyber deterrence

The proposed strategy breaks new ground in two ways. First, it asserts that contrary to conventional wisdom, it is possible to deter cyberattacks. Second, the strategy calls for coordinating activities in three layers to secure cyberspace. This won’t eliminate all bad behavior in cyberspace any more than traditional law enforcement has completely banished crime in the physical world. But it will improve how the U.S. government and the private sector respond to cyberthreats.

The first layer calls for the U.S. government to shape behavior in cyberspace through diplomacy and establishing new norms. Too many states quietly condone hacking to steal, spy and threaten their rivals. These attacks rely on illicit marketplaces for malware. The key is promoting responsible behavior in cyberspace and assigning specific expectations for the roles and responsibilities of governments and the private sector.

The second layer calls for the U.S. government to make cyberattacks less effective by promoting national resilience. This approach requires securing critical networks in collaboration with the private sector. It also requires being able to conclusively identify the perpetrators of malicious actions in cyberspace. And it requires increasing the security of the cyber ecosystem. Actions in this layer include working to create more transparency in cyber insurance markets and ensuring economic continuity in the event of a catastrophic cyber incident.

The third layer calls for the U.S. government to impose proportional costs to malicious actions in cyberspace. This requires the U.S., in collaboration with allies, to maintain the capability and credibility needed to retaliate against nations and organizations that target the U.S. in and through cyberspace. The means to retaliate include legal, financial, diplomatic and cyber powers that, applied in combination, assure compelling and unavoidable consequences for transgressors.

Early action with diverse responses

The U.S. Department of Defense “defend forward” policy, laid out in its 2018 strategy, calls for detecting and responding to threats as early as possible. Early action increases effectiveness and minimizes disruption. The commission report calls for this emphasis on early detection and action to be extended to the use of all government powers. It also calls for collaborating with an international coalition that lends strength and legitimacy when responding to cyber attacks.

The three components of this proposed strategy are defined as layers because they need to be applied in combination rather than as separate remedies. In this manner the strategy brings together a diverse array of private and public capabilities, resources and authorities.

The commission’s report includes 80 recommendations for implementing the strategy. For the recommendations that require changes in law, the commission drafted legislative language to assist Congress. The recommendations set the stage for a series of public hearings and outreach to the public. Implementing the strategy will involve changes in procedure, authority, law and ultimately in the behavior of cyberspace stakeholders.

While the commission has transitioned its role to one of advocacy for the report’s recommendations, the work of transforming perceived costs and benefits in cyberspace lies ahead. It will require the work of governments, the private sector and citizens. If the strategy is implemented successfully, nations that contemplate aggression in cyberspace will get the message: if you want to beat one of us, you’ll have to deal with all of us.

 

  • Benjamin Jensen is Professor of Strategic Studies, Marine Corps University; Scholar-in-Residence, American University, American University School of International Service. Additional reporting by Chris Inglis, Distinguished Visiting Professor in Cyber Security Studies, United States Naval Academy. This article originally appeared on TheConversation.

 

Advertisement
 

Benjamin Jensen
Benjamin Jensen
Benjamin Jensen is Professor of Strategic Studies, Marine Corps University; Scholar-in-Residence, American University, American University School of International Service.
Advertisement

Stay Connected

Join Our Newsletter

Must Read

World sees surge in website defacement during pandemic

One consequence of the public’s compliance with social distancing and quarantines during the COVID-19 pandemic is a sharp decline in most types of crime....

Coronavirus sparks interest in work from home and VPN

Coronavirus forces work from home Government and worldwide health guidelines which came into force after the onset of the coronavirus pandemic have seen a rise...

Women workouts in Covid lockdown could spell end of gyms

Digital fitness is enjoying a COVID-19 boom. Online fitness technology provider Virtuagym reports a 400% increase in engagement and a 300% increase in the...

The pandemic demands a surveillance debate beyond ‘privacy’

The coronavirus pandemic has stirred up a surveillance storm. Researchers rush to develop new forms of public health monitoring and tracking, but releasing personal...

Related News

World sees surge in website defacement during pandemic

One consequence of the public’s compliance with social distancing and quarantines during the COVID-19 pandemic is a sharp decline in most types of crime....

Coronavirus sparks interest in work from home and VPN

Coronavirus forces work from home Government and worldwide health guidelines which came into force after the onset of the coronavirus pandemic have seen a rise...

Women workouts in Covid lockdown could spell end of gyms

Digital fitness is enjoying a COVID-19 boom. Online fitness technology provider Virtuagym reports a 400% increase in engagement and a 300% increase in the...

The pandemic demands a surveillance debate beyond ‘privacy’

The coronavirus pandemic has stirred up a surveillance storm. Researchers rush to develop new forms of public health monitoring and tracking, but releasing personal...

Here’s why you can’t resist splurging on online shopping

The demand for online shopping has obviously increased since COVID-19 restrictions were put in place. But less obvious are the subtle psychological drivers behind our...

This site uses Akismet to reduce spam. Learn how your comment data is processed.