Government can't do cybersecurity alone
September 6th, 2011
03:18 PM ET

EDITOR'S NOTE: Ed Stroz is a former Special Agent at the Federal Bureau of Investigation, where he was responsible for the formation of the FBI’s Computer Crime Squad in New York City. Currently he is co-president and founder of Stroz Friedberg, a cybersecurity consulting firm. Carl Young is managing director at the same firm. Prior to joining Stroz Friedberg, Mr. Young was a risk strategist and Global Head of Physical Security Technology at Goldman Sachs, and previously held a succession of senior posts at the FBI.

By Ed Stroz and Carl Young, for CNN

The attacks in New York and Washington, D.C. on September 11, 2001 signified the unofficial start of the U.S. war on terror.  Although the images of that day remain fixed in our memories, the ten-year anniversary of 9/11 is an opportunity to examine how we have changed the way we think about the importance of security in our lives.

At the same time, the ten years since 9/11 have witnessed explosive growth in dependency on information technology around the world.  One statistical indicator of this growth is the 480% increase in the global use of the Internet since 2001; Internet users now comprise nearly a third of the seven billion inhabitants of the planet.

Much of the U.S. information technology infrastructure and associated software is owned and operated by private organizations that conduct business using web applications that can be accessed through the Internet or utilize network devices with similar risk exposure to computer viruses.  Such viruses, also known as malware, are increasingly sophisticated and have become ubiquitous on the Internet.  A computer system that is infected by such malware can still work perfectly well with no signs of infection.  The malware can sit silently waiting for instructions to take destructive action later.  For the first time, the number of new computer viruses introduced in a single year (2011) is expected to exceed two million.

Cyber attacks continue to be directed against the full spectrum of organizations that support every aspect of our lives.  Each day, it seems, a new headline appears about an organization, public or private, that is severely impacted by a cyber attack.  Therefore, the private sector finds itself on the front lines of a war that arguably threatens our national security at least as much as the war on terror.

The difference is that in the case of cyber war, the private and public sectors are co-combatants in a struggle against invisible and diverse adversaries who possess constantly evolving weapons and lack a unifying cause.

In some instances the cyber enemy is state-sponsored.  This certainly raises the stakes and supports the contention that future battles between nations could increasingly be fought on the world’s information technology networks.  In that vein, the U.S. Department of Defense has recently established the U.S. Cyber Command in recognition of the implications of cyber attacks to national security.

This private-public partnership to confront cyber crime is born of necessity, since there are operational conditions that preclude each from operating independently.  A private organization lacks the authority to investigate security issues that lead outside its own network property.  The U.S. government must operate within Constitutional constraints, which limit its powers of electronic surveillance, as well as being subjected to privacy restrictions.  Regardless of whether or not you support limits on government surveillance authority, the sheer size of the cyber landscape makes patrolling the electronic frontier an impossible task for any single government agency.

Consequently, the government, and indeed our society, must rely on private organizations to secure their respective pieces of the Internet, as well as to report on risk-relevant information in order to see the big picture.  The latter is a critical task in an evolving cyber war, and is essential to identifying trends on threats, developing timely countermeasures, and stopping the perpetrators.

The U.S. government must assume a leadership role in orchestrating the overall cyber defense effort.  In particular, it should be investing in cyber security research and development as well as in education and training programs like those at the National Institute of Standards and Technology (NIST). The introduction of progressive legislation and policies such as the landmark Presidential Decision Directive 63 in 1998, Executive Order 13231 in 2001, and the National Policy to Secure Cyberspace, must continue.

However, and as with all expansive government efforts, the challenge is to ensure coherence among the numerous agencies that share cyber security responsibilities.

Certainly there is historical evidence of successful private-public partnerships. The FBI InfraGard program, begun in 1996, is one example.  In addition, a collaborative effort between Verizon and the United States Secret Service results in an annual Data Breach Investigations Report that presents useful statistics on breaches of electronic records.

Finally, the cyber security landscape is in a state of continuous flux, driven by the dizzying evolution of computer technology and an abundance of cyber criminals who are intent on exploiting these advances.  Both the private and public sectors have important roles in ensuring the integrity of our country’s information systems.  The tenth anniversary of the 9/11 tragedy, where our suffering was unified, is a time to focus on improving private and public collaboration on our cyber defenses, to enhance U.S. national security and to honor the sacrifice of those who died.


soundoff (2 Responses)
  1. rajeev

    Glenn Greenwald calls our attention to the ACLU's ten-year commemoration of 9/11. It's a little different from most of the others hitting the news stands this week. No pictures of the twin towers falling, no touching paeans about how we all came together as a nation for a brief shining moment, no photo spreads of exhausted firefighters or grieving relatives. In fact, no pictures at all. It's just plain, sober text about what's happened to our civil liberties over the past decade. Here are a few excerpts:

    Torture: Just as the public debate over the legality, morality, and efficacy of torture was warped by fabrication and evasion, so, too, were the legal and political debates about the consequences of the Bush administration’s lawbreaking. Apart from the token prosecutions of Abu Ghraib’s “bad apples,” virtually every individual with any involvement in the torture program was able to deflect responsibility elsewhere. The military and intelligence officials who carried out the torture were simply following orders; the high government officials who authorized the torture were relying on the advice of lawyers; the lawyers were “only lawyers,” not policymakers. This had been the aim of the conspiracy: to create an impenetrable circle of impunity, with everyone culpable but no one accountable.

    Indefinite detainment: President Obama’s pledge to close Guantanamo was undermined by his own May 2009 announcement of a policy enshrining at Guantanamo the principle of indefinite military detention without charge or trial....The real danger of the Guantanamo indefinite detention principle is that its underlying rationale has no definable limits.

    Targeted assassinations: No national security policy raises a graver threat to human rights and the international rule of law than targeted killing....Under the targeted killing program begun by the Bush administration and vastly expanded by the Obama administration, the government now compiles secret “kill lists” of its targets, and at least some of those targets remain on those lists for months at a time.

    Surveillance: The Obama administration, like the Bush administration before it, has used excessive secrecy to hide possibly unconstitutional surveillance....Hobbled by executive claims of secrecy, Senators Ron Wyden and Mark Udall have nevertheless warned their colleagues that the government is operating under a “reinterpretation” of the Patriot Act that is so broad that the public will be stunned and angered by its scope, and that the executive branch is engaging in dragnet surveillance in which “innocent Americans are getting swept up.”

    Profiling: No area of American Muslim civil society was left untouched by discriminatory and illegitimate government action during the Bush years....To an alarming extent, the Obama administration has continued to embrace profiling as official government policy....There are increasing reports that the FBI is using Attorney General Ashcroft’s loosened profiling standards, together with broader authority to use paid informants, to conduct surveillance of American Muslims in case they might engage in wrongdoing.

    Data mining: Nothing exemplifies the risks our national surveillance society poses to our privacy rights better than government “data mining.”....The range and number of these programs is breathtaking and their names Orwellian. Programs such as eGuardian, “Eagle Eyes,” “Patriot Reports,” and “See Something, Say Something” are now run by agencies including the Director of National Intelligence, the FBI, the Department of Defense, and the Department of Homeland Security....Without effective oversight, security agencies are now also engaged in a “land grab,” rushing into the legal vacuum to expand their monitoring powers far beyond anything seen in our history. Each of the over 300 million cell phones in the United States, for example, reveals its location to the mobile network carrier with ever-increasing accuracy, whenever it is turned on, and the Justice Department is aggressively using cell phones to monitor people’s location, claiming that it does not need a warrant.

    But hey, it's just the ACLU. So serious! And such party poopers too. Anyway, aren't they the guys who hate America? I'm pretty sure they are. There's really no need to pay attention to all their tedious whining. Please carry on.

    UPDATE: A few moments after I wrote this, I turned on the TV and found myself watching Time managing editor Richard Stengel intone the banal conventional wisdom that the lesson of 9/11 ten years later is that "we've recovered, we've moved on."

    God no. Just no. I don't care how many people say this, or how many times they repeat it. It isn't true. Just yesterday we declared ourselves thrilled by the news that maybe someday in the future we'll be able to board a plane without first taking off our shoes. Thrilled! Listen to the ACLU. We haven't even come close to moving on.

    And Now, a Brief Word From the ACLU

    September 8, 2011 at 1:41 pm
  2. rajeev

    Report – A Call to Courage: Reclaiming Our Liberties Ten Years After 9/11

    An ACLU report released to coincide with the 10th anniversary of 9/11 warns that a decade after the attacks, the United States is at risk of enshrining a permanent state of emergency in which core values must be subordinated to ever-expanding claims of national security. (More on Civil Liberties After 9/11 »)

    The report, entitled, "A Call to Courage: Reclaiming Our Liberties Ten Years after 9/11," explores how sacrificing America's values – including justice, individual liberty, and the rule of law – ultimately undermines safety. (Read the full report »)

    Everywhere And Forever War

    The report begins with an examination of the contention that the U.S. is engaged in a "war on terror" that takes place everywhere and will last forever, and that therefore counterterrorism measures cannot be balanced against any other considerations such as maintaining civil liberties. The report states that the United States has become an international legal outlier in invoking the right to use lethal force and indefinite military detention outside battle zones, and that these policies have hampered the international fight against terrorism by straining relations with allies and handing a propaganda tool to enemies.

    A Cancer On Our Legal System

    Taking on the legacy of the Bush administration's torture policy, the report warns that the lack of accountability leaves the door open to future abuses. "Our nation's official record of this era will show numerous honors to those who authorized torture – including a Presidential Medal of Freedom – and no recognition for those, like the Abu Ghraib whistleblower, who rejected and exposed it," it notes.

    Fracturing Our “More Perfect Union”

    The report details how profiling based on race and religion has become commonplace nationwide, with the results of such approaches showing just how wrong and ineffective those practices are. "Targeting the American Muslim community for counterterrorism investigation is counterproductive because it diverts attention and resources that ought to be spent on individuals and violent groups that actually pose a threat," the report says. "By allowing – and in some cases actively encouraging – the fear of terrorism to divide Americans by religion, race, and belief, our political leaders are fracturing this nation’s greatest strength: its ability to integrate diverse strands into a unified whole on the basis of shared, pluralistic, democratic values."

    A Massive and Unchecked Surveillance Society

    Concluding with the massive expansion of surveillance since 9/11, the report delves into the many ways the government now spies on Americans without any suspicion of wrongdoing, from warrantless wiretapping to cell phone location tracking – but with little to show for it. "The reality is that as governmental surveillance has become easier and less constrained, security agencies are flooded with junk data, generating thousands of false leads that distract from real threats," the report says.

    “A Call to Courage” points out that many controversial policies have been shrouded in secrecy under the rubric of national security, preventing oversight and examination by the public. "We look to our leaders and our institutions, our courts and our Congress, to guide us towards a better way, and it is now up to the American people to demand that our leaders respond to national security challenges with our values, our unity – and yes, our courage – intact."

    http://www.aclu.org/national-security/report-call-courage-reclaiming-our-liberties-ten-years-after-911

    September 8, 2011 at 12:47 pm
