2011-11-14-10.43.41-pm1

Foreword:

We live in a most dynamic time for innovation and collaboration among individuals, organizations, and governments. It does not take a cyber expert to realize that the Internet has become a part of our daily lives. But technology has continued to outpace the development of applicable laws and policies. This gathering marks a significant step toward much needed dialogue among stakeholders

Over the past two decades, our dependence on cyberspace has grown exponentially to encompass both our economic prosperity and social wellbeing. Still, the same mechanics that enable such prosperity simultaneously contribute to threats in this domain. Technology permits us to communicate instantly throughout the world and gives us access to libraries of information at the touch of a key. These same tools have also put us at risk because terrorists and criminals also interact in this domain.

This is not just an American problem; it is a universal problem. Gatherings of stakeholders will be critical to furthering cooperation on an international scale, as cyberspace knows no borders. It is clear that the global community is not organized to compete with the cyber threat nor is it keeping pace with developing technology. Therefore, we must invest in partnerships between public institutions, private industry, and a mix of the two. Considering its longstanding technical leadership in this field, the United States has an opportunity to take the lead—working with partner nations—on international norm development. The international community must also commit to creating better organizations and capabilities to improve cybersecurity through both technical and legal means.

One of the great challenges for international cooperation in cyberspace is the inability of governments to confront their own domestic cyber problems. We have learned from the Cold War that communication and engagement are critical to avoid massive destruction. Cyber weapons have the potential to wreak havoc on societies across the globe, and, as with many new weapons technologies throughout history, some governments are attracted to this new “super-weapon.” But this weapon’s effects are truly global. In the twenty-first century, leaders must move away from a classic deterrence model and toward a cooperative approach, as cybersecurity involves not only governments, but also industry and individuals.

Ultimately, engagement is a process. If we fail to address growing concerns among nation-states and individuals about security in cyberspace, we will surely experience great loss. To protect its interests, governments ought to develop well-defined doctrines for activity in this domain, including peacetime and times of conflict. My hope is that my granddaughter will continue to experience the benefits of technology and live prosperously in a truly global village.

– Brent Scowcroft

Panel: Cyber

Click here to view videos and a transcript of the 2011 conference.

Cyberspace has made the global community more interconnected than at any time in human history. With its numerous benefits, however, come significant risks to both states and non-state actors. In order to mitigate these risks and ensure the security of the cyber domain, states must come together and establish a normative framework of state responsibility in which diplomatic and military actions can be undertaken effectively.

  • The Five Futures of Cyber Conflict and Cooperation by Jason Healey | Read 

The Internet has changed dramatically over the past several decades and will surely continue to evolve in years to come. The author explores five possible futures of cyberspace - Status Quo, Conflict Domain, Balkanization, Paradise, and Cybergeddon - and discusses what each might entail for future generations of Internet users.

  • The Stuxnet Enigma: Implications for the Future of Cybersecurity by Irving Lachow | Read

In July 2010 an incapacitating computer virus wiped out 60 percent of Iran’s computer network, effectively crippling the country’s uranium enrichment capabilities. Little is known about the exact source and purpose of Stuxnet, but the attack has awakened the international community to the very real dangers that even nation-states face in the cyber domain. The author argues that similar attacks are very likely to occur in the future, and offers recommendations to policymakers for mitigating their effects.

  • Responding to Sub-Threshold Cyber Intrusions: A Fertile Topic for Research and Discussion by Herb Lin | Read

Adversarial actions take many forms in cyberspace. It is often difficult to attribute an attack or exploitation to a particular culprit in the cyber domain, and there is currently no clear threshold for determining a government’s response to an attack. The author explores several different types of cyber intrusions, discusses how they are unique from kinetic operations, and presents a response framework for the U.S. government.

  • Cyber Security: An Integrated Governmental Strategy for Progress by Franklin Kramer | Read 

As both the public and private sectors become increasingly reliant on the Internet, maintaining security in cyberspace is emerging as a national priority. The author outlines a comprehensive approach to improving cybersecurity that would prioritize governmental efforts to use resources more efficiently and increase the prospects for success.

Cyber threat actors operate all over the world and evade detection and prosecution by utilizing a complex web of cyber tools. In order to combat cyber threats, the public and private sectors must come together and combine resources. The authors discuss the National Cyber Forensics & Training Alliance, a non-profit organization that draws on private industry, academia, and law enforcement organizations to neutralize the threats posed by cyber criminals.

  • Counterinsurgency in Cyberspace by John Mills | Read

Over the past decade, irrational non-state actors have moved to the forefront of international conflicts and have defied the way that nation-states combat adversaries. Cyber insurgents are no different, and pose a particularly significant threat to both state- and non-state actors because of the cyber domain’s low cost of entry and the the veil of anonymity it provides. The author draws on lessons from military counterinsugency operations and presents a strategy for national security professionals to combat insurgents in cyberspace.

The Executive Branch faces numerous complex challenges in a variety of domestic and international arenas. Strengthening our information security posture is certainly one of them, and the Administration must take a bold approach to accomplishing this end. The author presents a unique strategy for strengthening cybersecurity, recommending that the Executive Branch should call upon three independent regulatory agencies - the SEC, FCC, and FTC - to support our information infrastructure and protect American enterprise.
National governments must project power in cyberspace in order to remain relevant and ensure their security in this increasingly important domain. In order to adjust to the challenges of exercising cyberpower, governments must work with a wide range of actors in the private sector and civil society. The author draws on collaborative models from ground operations in Iraq and Afghanistan and discusses the various ways that national governments can coerce, co-opt, or convince non-state actors to cooperate with them.

Cyberspace is not a peaceful environment. Threat actors abound and will target individuals, companies, and entire nations. Establishing and maintaining effective cybersecurity requires cooperation between the private and public sectors. By collecting and sharing information about cyber criminals and those who enable them to operate, defensive public-private alliances will be able to "connect the dots" between cyber attacks and their perpetrators. 

  • China's Cybersecurity Challenges and Foreign Policy by Gao Fei | Read

China’s economic growth has spurred an explosion of Internet use among the Chinese population, but the country’s efforts to maintain cybersecurity have not kept pace. As both the target and source of numerous cyber exploitations, China is a critical actor in the global cyber domain. The author discusses some of the cyber-related challenges that the Chinese government faces within its own borders as well as its posture towards other nations’ policies.

  • Protecting the National Interest in Cyberspace by Koen Gijsbers and Matthijs Veenendaal | Read

As a country with one of the highest levels of Internet penetration in the world, the Netherlands has made cybersecurity a major priority for both the government and the military. The authors discuss the country’s cybersecurity strategy and argue that public-private partnerships, better understanding of the nature of cyber attacks, and greater investment in creating skilled cybersecurity specialists are all necessary for combating future cyber attacks.

In May of this year, the Obama Administration released its International Strategy for Cyberspace, which aims to enhance prosperity, security, and openness in the cyber domain. The authors argue that the strategy is necessary as the Internet continues to gain importance for both the public and private sectors, but that much needs to be done in order for it to be effective. Highlighting key decisions and actions that must still be made, the authors offer recommendations for implementing the Administration’s plan successfully.

  • The Geo-Political Strategy of Russian Investment in Facebook and Other Social Networks by Jeffrey Carr | Read

Over the past two decades, three powerful individuals have fueled the exponential growth of the Russian Internet. They have invested millions in social networking outlets such as Facebook and have created a wide range of Internet services companies and sites of their own. With strong ties to the Russian leadership, however, these men actually serve the interests of the Kremlin, and may support efforts to limit freedom of information and quash political opposition.

In order to protect its citizens from the numerous threats that exist in cyberspace, the U.S. government must collect, process, analyze, and share volumes of information among its agencies. The government’s oversight and monitoring increasingly conflict with its constitutional protections of individual liberties, however, and may infringe upon the privacy of innocent individuals who use the Internet. The author proposes a unique Privacy Assurance model that would use a "black box" to protect user information while sifting out patterns of reasonably suspicious behavior on the Internet.