Divisions
INTRODUCTION
In the cyber domain the United States’ borders are not protected by allies or oceans, allowing adversaries unprecedented proximity to the United States’ critical infrastructure. Recent major cybersecurity events have clearly outlined the scope of the threats we face. The United States needs to prepare a whole-of-nation strategy to rebuff these threats in cyberspace. Though our adversaries are not coordinating their efforts, their combined efforts are force-multiplying each other’s work.
According to our panelists, and experts throughout the field, the United States’ critical infrastructure is extremely vulnerable to nation-state perpetuated cyber aggression.. The companies themselves, as well as the chain of businesses which support them, are being breached daily. Many private and public companies responsible for American’s most critical functions lack basic cybersecurity hygiene. Critical infrastructure are high value targets, especially during wartime. What is different now is that the U.S.’s adversaries are going after these assets during peacetime. The escalating scope, scale, and impact of ransomware since the beginning of the pandemic have grown significantly, and reporting of these attacks has increased dramatically.
Based on the recent summit between President Biden and Vladimir Putin, this is only the beginning of the beginning, not the beginning of the end of cyber negotiations. According to General Nakasone, Commander of US Cyber Command, who said this during a public Congressional hearing, Russians have compromised electrical grid. Them pulling the trigger would be catastrophic. The United States must make a whole of nation effort to prepare for this ever-growing threat surface.
The Potomac Institute’s esteemed panelists provided insights into the world of cyber criminality and warfare, considered the geopolitics of cyberspace, and offered their thoughts and recommendations as to how our nation can respond.
NATION STATES as SAFE HARBORS for CRIMINALS
Criminals are safe from extradition The idea that Russia, for example, is not perfectly aware of the cybercriminals that operate out of the country is naïve. The criminals, for their part, may be acting almost entirely out of desire for money, but the states that harbor them are getting something much more important: they are gaining an infrastructure of capable, skilled, and often trained individuals that can conduct sophisticated, and sometimes devastating, cyber operations. Though not conducted at the behest of adversarial governments, these criminal gangs run like a mafia-protected system in Russia.
The United States must develop a separate strategy for deterring foreign cyber criminals.cybercriminals. to halt further. For example, cybercriminals took down the health system in Ireland, and that attack directly caused deaths in that country. Similar, and potentially worse attacks than that have already occurred in the United States. The United States government would be naïve to assume that it will not happen again. The United States government needs to make it clear that countries that harbor cybercriminals will face consequences.
According to one of the panelists, a potential course of action would be to designate these cybercriminals as terrorists. That would provide the administration important tools to take down these networks through extra-territorial actions. Some experts believe that the United States, in accordance with the Law of Armed Conflict, in the name of self-defense, could go into foreign territory and break up cybercriminal networks. The United States needs to rely on its allies in creating an international understanding that conducting what is effectively state-sponsored cyber-terrorism is unacceptable.
NOTABLE ADVERSARIES
RUSSIA
To understand Russia, one must look at the larger geopolitical picture. President Putin has found innovative ways to exert influence through cyberspace regardless of their comparative conventional military disadvantage. One of our panelists believes that their goal is to bring cyber weapons into the arms control regime and to be recognized as a major global player, especially in the eyes of eastern European states as the European Union weakens.
The Russian government has made concessions to the United States, saying that they would crack down on cyber gangs within their country. Our experts agree that Putin and his administration are well aware of the cybercriminal activity taking place within their borders. This is likely an empty gesture, and the United States should operate under the assumption that attacks from this region will continue.
CHINA
For years, the Chinese goals in cyberspace focused intellectual property theft, industrial espionage and collecting as much personal identifying information on as many people around the world as they could.
The Chinese endeavor to control the very infrastructure and technology that forms the foundation of the internet.. They’ve doubled down on efforts to control 5G networks, the microelectronics that we use in our systems, and access points around the world. This is a growing concern that will need to be addressed.
RECOMMENDATIONS
One of the panelists argued that efforts to navigate this era of cyber warfare need to be led by the White House. The Executive Order from May of 2021 made significant progress in establishing standards for government agencies. However, this is not enough to protect our largely privatized critical infrastructure.
As cybersecurity events continue to threaten critical infrastructure in the United States, the whole nation needs to have a concerted strategy. Cyber threats should be no exception. There are many avenues by which the United States can impose consequences to those countries harboring cyber criminals. The difficult question to answer, however, is what is the proportional response?
Most of our critical infrastructure – 85% of it – is in the hands of the civilian sector. Congress must produce legislation that can effectively incentivize companies to make the necessary investments to insulate themselves and their customers from harm driven by gaps in cybersecurity. The government, for the sake of the public good, must ensure this level of security.
CONCLUSION
The United States faces an unprecedented threat in cyber space. Every adversary should be taken seriously. Our infrastructures have such true vulnerabilities at the cores of every system that it is relatively inexpensive and easy to cause harm. With that in mind, we should not focus all of our efforts on one single threat. A unified strategy that can handle the growing threat of cyber criminals as well as the growing list of nation-state actors is an imperative that must be met.
For BNN Bloomberg
Huawei's Chinese ties pose risk to 5G networks: Former cybersecurity consultant to U.S. presidents
Melissa Hathaway, president of Hathaway Global Strategies and former cybersecurity consultant for U.S. presidents Barack Obama and George W. Bush discusses the risks of allowing Huawei to access 5G networks.https://www.bnnbloomberg.ca/video/huawei-s-chinese-ties-pose-risk-to-5g-networks-former-cybersecurity-consultant-to-u-s-presidents~1969869
For ITWorld Canada:
There’s no way to mitigate the possibility that network equipment from Huawei Technologies could be used by Chinese intelligence agencies for spying in Canada’s fledgling 5G networks, says a U.S. cyber expert.
“In my opinion, the risks cannot be mitigated,” Melissa Hathaway, president of a Virginia-based consultancy, a distinguished fellow at the Centre for International Governance Innovation based in Waterloo, Ont., and an advisor to two U.S. presidents said in an interview.
“I agree with what our British colleagues have said: Their [software] code is buggy; it has a lot of vulnerabilities in it … Their personnel really don’t know how to do secure coding. And 5G is really about secure coding because it’s about a software-defined network. You have to be able to code with security and resilience in mind to be sure the equipment you’re deploying or selling isn’t easily manipulated. So I start with that.”
The second problem, she added, is that China’s National Intelligence Law of 2017 requires any person or organization to support the state and whatever it wants, so “with 5G you can direct the company to just siphon off the data.” see full article here.
University of Waterloo: DEFENCE AND SECURITY FORESIGHT GROUP
Watch Defence and Security Foresight Group (DSF-G) webinar on the roll-out of 5G technology in Canada. Our panelists discuss the importance of 5G adoption to Canada’s competitiveness and its digital economy. They also discuss some of the arguments found in public and security sector debates about the threats and challenges of foreign ownership of this key infrastructural development. As different countries will experience unprecedented digital change connecting more of our critical business applications and infrastructures to the Internet — driving innovation and GDP growth, 5G technology will be essential to our economic growth. However, along with these opportunities comes unprecedented vulnerability. This panel highlights the associated risks of 5G deployment and adoption and will explain what risk mitigations are being explored by countries and companies globally. Visit the webpage here.
Melissa Hathaway is Senior Fellow and Member of Potomac Institute Board of Regents
Melissa Hathaway, Member, Board of Regents and Senior Fellow, leading cybersecurity expert and Cyber Readiness Index (CRI) principal investigator was the featured speaker in the “5G Digital Transformation in the New Economy,” the Ontario Chamber of Commerce’s COVID-19 Expert Webinar. The event encompassed discussion of the great digital divide in our current environment, digital asset transformation, 5G evolution, and the digital economy.
"Our countries and companies are racing to capture the #digital opportunity of #IoT (127 new devices connect every second!) and #5G — they will generate $13 trillion of economic value by 2035." -Melissa Hathaway
Melissa Hathaway, cyberspace policy and cybersecurity leader, brings a multi-disciplinary and multi-institutional perspective to strategic consulting and strategy formulation for public and private sector clients. She developed a unique methodology for evaluating and measuring national levels of preparedness for certain cyber security risks, known as the Cyber Readiness Index (CRI). She has served in two U.S. presidential administrations, spearheading the Cyberspace Policy Review for President Barack Obama and leading the Comprehensive National Cybersecurity Initiative (CNCI) for President George W. Bush. At the conclusion of her government service, she received the National Intelligence Reform Medal in recognition of her achievements.
Watch Melissa Hathaway in the “5G Digital Transformation in the New Economy” here:
