Polices to Defend the Homeland Against Cyber Threats

This paper highlights the need for the United States to improve its cybersecurity based on growing interconnected and vulnerable technology-based society. There are numerous adversaries looking to take advantage of the anonymity and cost-effective attack options presented in cyberspace. Adversaries that previously had limited ability to attack the U.S. are discovering ways to attack our most critical infrastructure. The United States must take action to deter these attacks by denying them access to critical systems and withholding information about vulnerable programs.

Further, the U.S. must be willing to reduce the secrecy around some of our cyber operations in order to establish norms and effectively attribute malicious cyber activity (Sanger, 2018). Finally, the U.S. must prioritize educating the population. This education should involve improving cyber hygiene nation-wide. Additionally educating a capable and ready cadre of cybersecurity professionals can develop a ready bench of experts able to respond to serious cyberattacks. Introduction Over the past two decades, the Internet and its importance to our society have grown exponentially.

Since the turn of this century, the Internet has become a general-purpose technology that contributes trillions of dollars to the world economy and connects half the world’s population. Twenty years ago, only one half of one percent of people were on the Internet, roughly 16 million users. Now well over half the world, billions of people, use the Internet. Almost every nation in the world has critical systems attached and interconnected via digital systems. The National Cyber Strategy (NCS) (2018) notes that “critical infrastructure, national defense, and the daily lives of Americans rely on computer-driven information technology” (p.

Get quality help now

WriterBelle

Verified

Proficient in: Computer Security

4.7 (657)

“ Really polite, and a great writer! Task done as described and better, responded to all my questions promptly too! ”

+84 relevant experts are online

Hire writer

1). The American and in turn the global economy and the function of people’s daily life support is inexorably linked by the Internet. Furthermore, billions of devices are connected to the “internet of things” and this will continue to exponentially grow in the coming years (Goodman, 2015).

Everything is becoming connected to or reliant on connected and ultimately vulnerable devices. An average American has countless minute by minute interactions with the devices and services reliant upon this interconnected structure. Cell phones and computers are just the most commonly thought of mediums. There are countless others. The purity of your water is controlled by an Industrial Control System with Programmable Logic Controls linked to computers and the Internet. Street lights, trains, air traffic control, sewage systems, banks, hospitals, global logistics are all part of a growing, interconnected infrastructure that provides life support to the majority of the world. While this interconnected world has created expanded opportunities for information sharing and problem-solving it has created countless dependencies and vulnerabilities (Nye, 2017). These vulnerabilities have been exploited in the past and continue to be susceptible to infiltration by hackers of every variety and flavor. As all facets of American life have become more dependent on a secure cyberspace, new vulnerabilities have been revealed and new threats continue to emerge (NCS, 2018).

As Sanger (2018) points out “for seventy years, the thinking inside the Pentagon was that only nations with nuclear weapons could threaten America’s existence. Now that assumption is in doubt” (pg. xiii). Previously, theorists believed that the United States only true existential threat would come from a Chinese or Russian intercontinental missile, and the two great oceans protected us from the rest of the world. There was a balance and a security in that order of things. Cyberspace and the weapons that are generated from cyberspace have eliminated this security (Sanger, 2018). Cyberweapons just like traditional weapons have a value to nations and non-state actors who continue to build their cyber armies for their personal or national benefit. The world has seen the use of numerous cyber weapons within the past decade. North Korea hacked into Sony and released a wealth of private information, it raided Bangladeshi banks and unleashed the WannaCry attack. Iran attacked a Saudi oil company (Sanger, 2018) and disrupted American Banking (Zetter, 2015).

Peer competitors have had even more dedicated campaigns. China has proven adept at incorporating cyber operations into its national strategy of growing its economy by stealing hundreds of billions in intellectual property and state secrets. Russia, led by the ex-KGB agent Vladimir Putin, continues to play the international disrupter and spoiler by taking cold-war era propaganda and subversion tactics and amplifying them in the echo chamber of social media. All of these examples and other cyberweapons ultimately “…offer state and non-state actors the ability to wage campaigns against American political, economic, and security interests without ever physically crossing our borders” (National Security Strategy, 2017, p. 12). Goodman (2015) notes that the Internet means we are increasingly living in a borderless world. Today anybody, with good or ill intent, can virtually travel at the speed of light halfway around the planet (pg. 15).

This borderless world partnered with the inherent vulnerabilities in the digital systems that run our day to day lives creates opportunities for exploitation and anonymity not seen with traditional weapons. Regulation and protection are made more difficult in western societies that value privacy, individual liberty, and a global free market economy. These values make securing cyberspace a complex wicked problem. What are the most important policies the current administration enact to better defend the U.S. cyber infrastructure and deter our adversaries and competitors? The 2018 National Cyber Strategy lays out a broad plan with four pillar; 1) defend the homeland by protecting networks, systems, functions, and data; 2) promote American prosperity by nurturing a secure, thriving digital economy and fostering strong domestic innovation; 3) preserve peace and security by strengthening the U.S. ability to deter and punish those who use cyber tools for malicious purposes; and 4) expand American influence abroad to extend the key tenets of an open, interoperable, reliable and secure internet.

This strategy is a good start for the Trump administration to begin addressing cybersecurity concerns. This paper will make specific recommendations for emphasis within the strategy supported by numerous cybersecurity experts. Developing and implementing U.S. cybersecurity policy to protect the most important portions of the United States has many key aspects. It is important to examine critically any proposed solutions. This paper is divided into three different parts. First is the Literature Review. It will establish a shared understanding of key definitions and provide a brief background and description of cyber threats and vulnerabilities. Additionally, the literature review will examine case studies. They will apply the proposed policies to a relevant cyberattack case. This case study serves to validate and refine these proposals. Next, a methodology section will describe the materials and design of the paper. Finally, there is a brief summation of the paper’s findings. Thesis The U.S. must first and foremost dedicate itself to the security of cyberspace and our critical infrastructure through deterrence by denial.

This means a more defensive approach to cyber operations increasing our ability to deter and attribute cyberattacks against ourselves and our international allies and interests. Secondly, the U.S. must be willing to reduce the secrecy associated with cyber operations to support a dedicated effort to establish international norms. Finally, the U.S. must focus on educating the public on the safest way to use the internet and build its cybersecurity workforce. The following literature review will begin to establish a common understanding of the current situation in relation to U.S. and international cybersecurity. Literature Review Rapidly developing and dynamic malign cyber activity means that the current administration must act quickly to outpace our adversaries and defend the nation. There are many crucial aspects to defending U.S. critical infrastructure. To advance the discussion it is important to have a shared understanding of definitions and a broad understanding of the current state of affairs in cyberspace. This review is divided into three different parts. First, there are key definitions.

Then there is brief background covering the growth of the internet the threats and critical vulnerabilities the country faces. Finally, a more detailed examination of a case study to examine the recommended prioritization of U.S. policies in the context of the WannaCry cyberattack. Key Definitions Since the Internet is relatively new to the world, only a few decades old, there tends to be a lack of consensus on definitions dealing with key points in cyberspace. Notable, NATO’s Cooperative Cyber Defence Centre of Excellence has identified 15 separate international definitions for a cyberattack (Cyber definitions, n.d.). To improve the clarity this paper will set the understanding by defining some key terms based on notable sources. The literature identifies three general types of malicious cyber action; Cybercrime, Cyberattack, and cyberespionage (Whitehouse, 2017 and Bullock, 2013). Cyberattacks are any deliberate action that affects the desired availability and/or integrity of data or information systems integral to operational outcomes of a given organization (Defense Science Board, 2017).

They may have temporary or permeant effects, be destructive or only disruptive and may be conducted remotely or via close access (Defense Science Board, 2017). As Sanger (2018) highlights in his book, so far there have been only a few cases of a cyberattack causing damage in the physical world, Stuxnet being the most notable. But, cyberattacks are not yet as commonplace as other malicious cyber activity (Allen, 2017). The U.S. and Russia define cyberespionage as a cyber operation to obtain unauthorized access to sensitive information through covert means (Cyber Definitions, n.d.). The U.S., Russians, and Chinese governments have proven particularly adept at cyberespionage to bolster their intelligence efforts, national power and economy (Sanger, 2018). Cybercrime is the use of computing and information systems to illegally attain notoriety, money or some other form of personal gain (Bullock, 2013). This is the most recognizable form of malicious cyber activity for the general public. Recent examples of cybercrime range from the 2013 hack of Target’s point of sale processing, to a simple ransomware attack that targets your elderly parents.

According to a Bankrate.com research poll in 2016 as many as 41 million Americans have had their identities stolen. Cybercrime has become an organized efficient enterprise over the past decade and a half, that Goodman refers to as Crime Inc. Information warfare is difficult to decouple from the growing cyber threats. The interconnected nature of social media and the expert use of propaganda as a weapon amplified by interconnected social platforms. Information warfare is the use of information, not necessarily computer data networks, to engage in hostilities with an enemy. Information warfare can include propaganda, misinformation, disinformation, and other forms of communication that can distract or confuse an adversary (Ramsey, 2014). Sanger (2018) details Russian interference in the U.S. elections, and as such, it is the most notable recent example of information warfare. Many of these malicious cyber activities are possible due to flawed computer code often referred to as vulnerabilities (Goodman, 2015). Zero-day vulnerabilities are exploits that have not yet been discovered and identified by the program owner.

Thus, the manufacturer has had ‘zero days’ to patch and update their program (Sanger, 2018). With a good zero-day exploit, a malicious attack has a greater chance of success (Zetter, 2014). A good exploit on a popular program like Windows or Adobe can be very valuable to the right buyer (Krebs, 2016). Good cyber hygiene is an important element of a proper cybersecurity (Nye, 2017). Cyber hygiene refers to a number of best practices users of connected technology take to ensure their devices remain secure and ‘healthy.’ (Brook, 2018). Goodman (2016) and Nye (2017) both highlight its importance in the broad application of cybersecurity. Good cyber hygiene acts similarly to the herd immunity of viral vaccinations. Finally, critical infrastructure is, as defined by the Department of Homeland Security, “the assets, systems and networks, whether physical or virtual, so vital to the U.S. that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety,” (Bullock, 2013 p. 171).

Presidential Policy Directive 21 identifies 16 critical infrastructure sectors including water and wastewater, food and agriculture, public health, energy, and financial among others. Both Koppel (2015) and Zetter (2014) note the vulnerabilities in our electrical grid, specifically. Further noting that the supervisory control and data acquisition (SCADA) with their dated industrial control systems (ICS) and programmable logic controllers (PLCs) are particularly vulnerable. Background Kaplan (2016) explains in his book how every President since Reagan has wrestled with the notion of operating in and securing the country from cyberspace. Reagan asked his cabinet if a scenario similar to the one in the film ‘WarGames’ could actually happen (Kaplan, 2016). When the answer was not just ‘yes’ but ‘the problem is much worse than you think’ (pg. 2) he ordered the National Security Agency (NSA) to begin securing the internet via National Security Decision Directive (NSDD) number 145. This was significant for a couple of reasons. Sanger (2018) adeptly points out that the NSA, as an intelligence agency, operates with a high degree of secrecy. A characteristic that has hindered attribution of malign actors to this day (Sanger, 2018). This was also a milestone in it was one of the first efforts to secure the internet and the critical infrastructure connected to it. But congressional leaders and civil liberties groups did not want the NSA involved in securing the internet for fear it would ultimately result in spying on American citizens (Kaplan, 2016).

Unfortunately, as Kaplan points out over the next 35 years the successive administrations have not been able to protect cyberspace from the myriad threats. Kaplan states that during this same period “hacking emerged as a serious nuisance and an occasional menace” (pg. 60). The first large-scale hack occurred in 1988. Robert Morris Jr. launched one of the first widely publicized computer worms from his computer at the M.I.T. (Zetter, 2014). Though he had no ill intent, his program was intended to measure the size of the internet, it resulted in the first recorded denial of service attacks (Kaplan, 2016). The program came to be called the “Morris Worm” and effectively shut down one-tenth of the internet including computers located at Wright-Patterson Air Force Base (Kaplan, 2016). This was an early indicator of what would come. After President Reagan successive presidents would attempt to deal with the issue of securing the internet (Kaplan, 2016).

Though would become derailed by seemingly more pressing current events. Enough time would pass between serious incidents when the issue would be raised it was considered a ‘new’ problem (Kaplan, 2016). By the time the Obama administration refocused on the issue the problem was growing out of control. Vulnerabilities and Threats It is estimated that roughly 9 billion devices are connected to the internet (Singer, 2018). A number that will likely double and quite possibly triple in the next 5 years (Singer, 2018). Today anyone can travel the world and have maps and directions on every road in the palm of their hand. The common cell phone has more computing power and uses more lines of code than were used to launch NASA’s Apollo missions to the moon (Goodman, 2016). This expansion in technology has done incredible good in numerous fields such as science and medicine (Goodman, 2016). However, it provides the ability for malign actors the opportunity to wreak havoc on some of the most important aspects of our lives (Goodman, 2016, Koppel, 2015).

Former U.S. Secretary of Defense Leon Panetta noted, “the next Pearl Harbor that we confront could very well be a cyber-attack that cripples” our power systems and our grid (Goodman, 2016, pg. 26). According to a Princeton University research group found that most Internet experts feel a devastating cyber-attack will occur within the next 10 years. An attack from cyberspace could possibly affect business, utilities, banking, communication, and any other internet dependent components of society (Bullock, 2013). Numerous experts believe it will only be a matter of time before U.S. infrastructure is the target of a massive cyber-attack. How could an attack cripple a nation? One way is by attacking a piece of critical infrastructure. A well-known and documented vulnerability lies in the electrical grid of the U.S. Ted Koppel (2015), the trusted American journalist, detailed the vulnerability to our critical infrastructure, particularly the electrical grid.

The world’s electrical grids utilize supervisory control and data acquisition (SCADA) systems to function (Goodman, 2016). These systems were not designed with security in mind. Also, SCADA systems were not engineered to be resistant to an Internet-connected world (Zetter, 2014). Most of the literature specifically notes the industrial control systems (ICS) and programmable logic controllers (PLC) that run SCADA systems are vulnerable to cyber intrusion and attack. As they became connected to the internet, the critical infrastructure we rely on became vulnerable (Zetter, 2014). Examples of attacks against critical infrastructure are becoming more and more common. The U.S. and Israel attacked Iranian nuclear program in the Stuxnet attack (Zetter, 2014). Russia has attacked multiple sectors of critical infrastructure in Ukraine over the past four years (Greenberg, 2018). The combination of these vulnerable systems and the growing interconnectedness of the world provide increased opportunities for devastating attacks from cyberspace.