Securing Cyberspace for the 44th Presidency

As the nation prepares for the inauguration of Barack Obama as President of the United States, the Center for Strategic & International Studies released an important and disturbing report on cybersecurity, cyber-terrorism and other threats that exist within cyberspace.

---

The CSIS Commission on Cybersecurity for the 44th Presidency has released its final report, "Securing Cyberspace for the 44th Presidency." The Commission’s three major findings are: 1. Cybersecurity is now one of the major national security problems facing the United States; 2. Decisions and actions must respect American values related to privacy and civil liberties; and 3. Only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will improve the situation. Research and development of cyber security technology is essential to creating a broader range of choices and more robust tools for building secure, networked computer systems in the federal government and in the private sector. As quickly as US government agencies upgrade security on their cyber systems, the "hackers" seem determined to bypass or defeat security measures. The cyber threat confronting the United States is rapidly increasing as the number of actors with the tools and abilities to use computers against the United States or its interests is rising. The country’s vulnerability is escalating as the US economy and critical infrastructures become increasingly reliant on interdependent computer networks and the World Wide Web. Large-scale computer attacks on US critical infrastructure and economy would have potentially devastating results. Cyber threats fall into two distinct categories: threats affecting national security that emerged with Internet technology, such as cyber terrorism, foreign-based computer intrusions and cyber theft of sensitive data; and traditional criminal activity facilitated by computers and the Internet, such as theft of intellectual property, online sexual exploitation of children, and Internet fraud. In both categories, cyber attacks, intrusions, illicit file sharing, and illegal use of cyber tools are the basic instruments used by perpetrators. Domestic and foreign terrorist organizations, foreign intelligence actors, and criminal enterprises are increasingly using encryption technology to secure their communications and to exercise command and control over operations and people without fear of surveillance. The Federal Bureau of Investigation must be able to identify and penetrate the command and control elements of these organizations and actors. Recognizing the international aspects and national economic implications of cyber threats, the FBI created a Cyber Division at the headquarters level to manage and direct this developing program. The rapid evolution of computer technology, coupled with the creative techniques used by foreign intelligence actors, terrorists, and criminals, requires investigators and computer security professionals to have highly specialized computer-based skills. The FBI Cyber Program uses a centralized, coordinated strategy to support crucial counterterrorism, counterintelligence, and criminal investigations whenever aggressive technical investigative assistance is required. The Cyber Program also targets major criminal violators with a cyber nexus. The FBI must increase its capability to identify and neutralize enterprises and individuals who illegally access computer systems, spread malicious code, or support terrorist or state-sponsored computer operations. The Bureau must proactively investigate counterterrorism, counterintelligence, and criminal investigative cyber related threats having the highest probability of threatening national security. To do so requires the FBI to constantly upgrade its skills and technology to meet the evolving threat. The National Strategy to Secure Cyberspace identifies national priorities to secure cyberspace, including a federal R&D agenda.Several federal entities are involved in federal cyber security research and development. The Office of Science and Technology Policy and OMB establish high-level research priorities. The Office of Science and Technology Policy is to coordinate the development of a federal research agenda for cyber security and oversee the National Science and Technology Council, which prepares R&D strategies that are to be coordinated across federal agencies. The National Science Foundation and the Departments of Defense and Homeland Security fund much of this research. Federal entities have taken several important steps to improve the oversight and coordination of federal cyber security R&D, although limitations remain. Actions taken include chartering an interagency working group to focus on cyber security research, publishing a federal plan for guiding this research, reporting budget information for this research separately, and maintaining repositories of information on R&D projects. Further, the repositories do not contain information about all of the federally funded cyber security research projects in part because OMB had not issued guidance to ensure that agencies provided all information required for the repositories. As a result, information needed for oversight and coordination of cyber security research activities was not readily available. Federal agencies use a variety of methods for sharing the results of cyber security research with federal and private organizations (technology transfer), including sharing information through agency Web sites. Other methods include relying on the researcher to disseminate information about his or her research, attending conferences and workshops, working with industry to share information about emerging threats and research, and publishing journals to help facilitate information sharing.