The Trump Administration has released a comprehensive National Cyber Strategy (NCS) that, if fully implemented, could address claims that the critical issue of current cyberspace threats are not being taken seriously enough. The report outlines a plan that spans all federal agencies, directing how they should work separately and in tandem with private industry and the public to detect and prevent cyber attacks before they happen, as well as mitigate damage in the aftermath.
The NCS is the first formal attempt in 15 years to plan and implement a national policy for the cyber arena and takes the form of a high-level policy statement rather than the more targeted method of a Presidential directive. The plan offers plenty in the way of big picture goals, but critics will watch to to see whether forthcoming details will emerge in the coming months and years to fill in the gaps with specific action.
With the release, the Administration formally recognizes that cyberspace has become such an entwined part of American society as to be functionally inseparable. The bottom line is that cybersecurity now falls under the larger umbrella of national security and is not considered a standalone entity.
Army Lt. Gen. Paul Nakasone, speaking at his recent confirmation hearing for the position of leader of U.S. Cyber Command and the secretive National Security Agency, emphasized the importance of this moment in our national history: “We are at a defining time for our Nation and our military…threats to the United States’ global advantage are growing — nowhere is this challenge more manifest than in cyberspace.”
Sifting through the digital pages of the NCS document reveals the Administration’s focus on the four conceptual pillars of National Security that now have been expanded to accommodate cyber concerns.
Pillar 1: Protecting and Securing the American Way of Life
Considering the present mashup state of the federal procurement process, the new aim is to secure government computer networks and information, primarily through tougher standards, cross-agency cooperation, and the strengthening of US government contractor systems and supply chain management. Electronic surveillance laws will also likely be bolstered, a reality that may result in the netting of more criminals but poses privacy concerns to those who think that the line has been smudged too times in this area already.
Securing all levels of election infrastructure against hacks and misinformation falls into this category. If recent history is any indication, the coming 2020 presidential election will likely inspire a flurry of attempted cyber intrusions.
Pillar 2: Focus on American Prosperity
Operating on the assumption that economic security is intrinsically linked to national security, the NCS lays out a strategy to achieve financial strength through fortification of the technological ecosystem. Plans are to be developed to support and reward those in the marketplace who create, adopt, and push forward the innovation of online security processes.
Though debates over funds for national infrastructure are eternal, the discussion will now expand to include the security and promotion of technology infrastructure as well, especially as it relates to the 5G network protocol, quantum computing, blockchain technology, and artificial intelligence.
Pillar 3: Peace Through Strength
As the world becomes ever more digitized, criminals have moved offline operations into cyberspace. Perhaps unsurprisingly, the Trump Administration intends to push back hard against efforts to disrupt, deter, degrade, or destabilize the world from both nations and non-nation actors.
National security advisor John Bolton, though refusing to specify operations or adversaries, emphasized the point to USA Today that aggressive action should be expected, saying, “We are going to do a lot of things offensively. Our adversaries need to know that.”
At least part of this offensive strategy will include the creation of an international law framework (called the CDI or Cyber Deterrence Initiative) that will be charged with policing cyberspace behavior and organizing a cooperative response for those who flaunt the standards. The CDI’s stated goals will be to counter sources of online disinformation and propaganda with its own brand of the same.
Pillar 4: Advance American Influence
By staking out an America-first role as thought and action leader in cyberspace, the NCS promises to take the lead in collaborating with like-minded partners to create and preserve a secure, free internet. Considering the well-known surveillance efforts of organizations like the Five Eyes, one can’t help but wonder if the term “internet freedom” is an oxymoron in the making with the government leading the way.
With the NCS, the Trump Administration has laid out a broad platform for addressing cybersecurity concerns. If it’s the down and dirty details of how exactly this will happen you seek, sorry to disappoint, but it’s not in there.
With the next big election close enough to smell, and Congress divided, little to nothing of legislative importance will likely unfold in the near future, including Democrats and Republicans finding the motivation to drag out their Crayons and fill in the president’s cybersecurity outline.
Until then, let’s hope the internet doesn’t implode under an onslaught of fake news, cat videos, and hackers gone wild. One thing you can bet your last dollar on — the topic of cybersecurity won’t go away. Like national security in general, it will remain eternal fodder for future politicians to bat around. As to whether the NCS will actually make a difference, only time will tell.
Meanwhile, Nero fiddles and Rome burns.
About the author: A former defense contractor for the US Navy, Sam Bocetta turned to freelance journalism in retirement, focusing his writing on US diplomacy and national security, as well as technology trends in cyberwarfare, cyberdefense, and cryptography.
Copyright 2010 Respective Author at Infosec Island