.
Despite the rise in cyberattacks on the U.S., the country has yet to cultivate a defensive mechanism to secure information in the cyber sphere. The concept of cyberwarfare is often not grasped by most policymakers and it’s an emerging threat that can infect pretty much any tech device. In the past couple years, the U.S. has been hit with a data breech on the Office of Personnel Management, which affected nearly 18 million federal employees. The most recent attack on credit reporting agency Equifax targeted citizens on a large scale; with more than 143 million hacked. The need for a solution in cyberwarfare has never been more apparent, however, the lagged pace in which the U.S. has mobilized has made the country more vulnerable.
“Our policy options are in paralysis and the situation is getting worse everyday” said Susan Hennessey, national security analyst at CNN, at a panel titled “Covering Cyber,” hosted by the George Washington University on October 31st. In a discussion about how cybersecurity has become an emerging policy issue in the U.S., the panelists agreed that delayed action on cybersecurity has pointed toward the muddled terminology and law surrounding the issue.
Former director of the National Security Agency General Michael Hayden explained that often the classification can be moved from being a cyber issue to an information issue. Although the defense is moving from a physical sphere to a cyber sphere, countries such as China and Russia above all hold the objective of seeking secure information about the U.S. The emerging defensive realm has posed problems for members of Congress because of the grey lines distinguishing law regarding privacy. Hayden said that “so much of our capacity is not able to be deployed because we lack legal and policy guidance as to what our true limits are.”
Although the U.S. has yet to establish policy regarding the way in which cybersecurity is used to internally collect information, the country has used cybersecurity to dismantle entire systems. In the past, the U.S. has launched cyberwarfare to disarm Iran nuclear systems and has attempted to do the same for nuclear weapons in North Korea.
The power of cyberwarfare has been applied to not only conventional warfare, but also in areas of politics and issues of information. In the past year, the cyber sphere has been used to influence the U.S. election via Facebook and has been used in attacks on U.S. companies that hold sensitive information on citizens. The Chief Washington C orrespondent for the New York Times David Sanger said that with information, “you can draw a much bigger picture of the entire population of the United States, what the nature of the relationships are and you can use that in a way that is far greater than what people initially think of…we have never actually seen data from the OPM attack show up being sold in any way, which tells you it’s about something different.”
In addition to leaked information from companies to hackers, the U.S. government also holds more information than ever in what Sanger called “a golden age of surveillance.” Due to the way in which the U.S. government decides to use such information, Sanger argued that it is “a debate that has huge implications for human rights issues around the world.” In this era of information, companies hold crucial information on citizens, and often when the company’s data is leaked, there is no accountability under law. The way in which citizens’ information, such as their social security number, becomes distributed and utilized by companies also presents a dilemma. The U.S. government’s attachment of citizens’ identity and their social security number has made it easy for hackers to steal identities and financial information from people. Sanger said that “the way you identify who you really are for cybersecurity purposes is completely nuts.”
While broad policy decisions within the U.S. government have been stalled in cybersecurity, chairman of the House Information Technology Subcommittee and Texas congressman Will Hurd said that a way the U.S. can improve cybersecurity is by filling the gap in cybersecurity jobs. Hurd said that he plans to create a “cyber national guard” by introducing scholarships for students studying cybersecurity in college and then filtering the students into federal cybersecurity positions. With Hurd’s plan, the U.S. could receive a boost in cyber defense that is not seen in the policies of Capitol Hill.
With discussion in place, the U.S. government has made small steps in instilling a collective cybersecurity front. However, the U.S. ranks below other countries in its ability to protect its infrastructure. In a report from Security Scorecard, the U.S. ranked third from last in overall cybersecurity, and fell short in leaked credentials, application security, hacker chatter, IP reputation and network security. The report also found that in all of the U.S. government, federal agencies were the least protected.
The U.S. is not the only country that is at a crossroads when it comes to cybersecurity policy. Hennessey said that “issues like who owns data about you, your ability to know who holds it, who is using it for what purposes, to change information if it is wrong…this is something other countries including Europe have really tried to tackle.” However, Hennessey noted that the U.S. is not close in developing a strategy in the future. Hennessey stated that “we can look at other countries that have tried to get into this area…but the path forward at least in my mind is not at all clear.”
The views presented in this article are the author’s own and do not necessarily represent the views of any other organization.
a global affairs media network
When it Comes to Cybersecurity Policy, the U.S. Is in the Dark
cyber target security on intentionally blurred United States flag
November 16, 2017
Despite the rise in cyberattacks on the U.S., the country has yet to cultivate a defensive mechanism to secure information in the cyber sphere. The concept of cyberwarfare is often not grasped by most policymakers and it’s an emerging threat that can infect pretty much any tech device. In the past couple years, the U.S. has been hit with a data breech on the Office of Personnel Management, which affected nearly 18 million federal employees. The most recent attack on credit reporting agency Equifax targeted citizens on a large scale; with more than 143 million hacked. The need for a solution in cyberwarfare has never been more apparent, however, the lagged pace in which the U.S. has mobilized has made the country more vulnerable.
“Our policy options are in paralysis and the situation is getting worse everyday” said Susan Hennessey, national security analyst at CNN, at a panel titled “Covering Cyber,” hosted by the George Washington University on October 31st. In a discussion about how cybersecurity has become an emerging policy issue in the U.S., the panelists agreed that delayed action on cybersecurity has pointed toward the muddled terminology and law surrounding the issue.
Former director of the National Security Agency General Michael Hayden explained that often the classification can be moved from being a cyber issue to an information issue. Although the defense is moving from a physical sphere to a cyber sphere, countries such as China and Russia above all hold the objective of seeking secure information about the U.S. The emerging defensive realm has posed problems for members of Congress because of the grey lines distinguishing law regarding privacy. Hayden said that “so much of our capacity is not able to be deployed because we lack legal and policy guidance as to what our true limits are.”
Although the U.S. has yet to establish policy regarding the way in which cybersecurity is used to internally collect information, the country has used cybersecurity to dismantle entire systems. In the past, the U.S. has launched cyberwarfare to disarm Iran nuclear systems and has attempted to do the same for nuclear weapons in North Korea.
The power of cyberwarfare has been applied to not only conventional warfare, but also in areas of politics and issues of information. In the past year, the cyber sphere has been used to influence the U.S. election via Facebook and has been used in attacks on U.S. companies that hold sensitive information on citizens. The Chief Washington C orrespondent for the New York Times David Sanger said that with information, “you can draw a much bigger picture of the entire population of the United States, what the nature of the relationships are and you can use that in a way that is far greater than what people initially think of…we have never actually seen data from the OPM attack show up being sold in any way, which tells you it’s about something different.”
In addition to leaked information from companies to hackers, the U.S. government also holds more information than ever in what Sanger called “a golden age of surveillance.” Due to the way in which the U.S. government decides to use such information, Sanger argued that it is “a debate that has huge implications for human rights issues around the world.” In this era of information, companies hold crucial information on citizens, and often when the company’s data is leaked, there is no accountability under law. The way in which citizens’ information, such as their social security number, becomes distributed and utilized by companies also presents a dilemma. The U.S. government’s attachment of citizens’ identity and their social security number has made it easy for hackers to steal identities and financial information from people. Sanger said that “the way you identify who you really are for cybersecurity purposes is completely nuts.”
While broad policy decisions within the U.S. government have been stalled in cybersecurity, chairman of the House Information Technology Subcommittee and Texas congressman Will Hurd said that a way the U.S. can improve cybersecurity is by filling the gap in cybersecurity jobs. Hurd said that he plans to create a “cyber national guard” by introducing scholarships for students studying cybersecurity in college and then filtering the students into federal cybersecurity positions. With Hurd’s plan, the U.S. could receive a boost in cyber defense that is not seen in the policies of Capitol Hill.
With discussion in place, the U.S. government has made small steps in instilling a collective cybersecurity front. However, the U.S. ranks below other countries in its ability to protect its infrastructure. In a report from Security Scorecard, the U.S. ranked third from last in overall cybersecurity, and fell short in leaked credentials, application security, hacker chatter, IP reputation and network security. The report also found that in all of the U.S. government, federal agencies were the least protected.
The U.S. is not the only country that is at a crossroads when it comes to cybersecurity policy. Hennessey said that “issues like who owns data about you, your ability to know who holds it, who is using it for what purposes, to change information if it is wrong…this is something other countries including Europe have really tried to tackle.” However, Hennessey noted that the U.S. is not close in developing a strategy in the future. Hennessey stated that “we can look at other countries that have tried to get into this area…but the path forward at least in my mind is not at all clear.”
The views presented in this article are the author’s own and do not necessarily represent the views of any other organization.