Cybersecurity Is Crucial to National Security
Both its complexity and its importance are growing exponentially.
No one doubts the growing importance of cybersecurity. Attackers now can penetrate virtually every aspect of society through cyberspace. Accordingly, the U.S. government has given cybersecurity a high designation relative to national security. But simply labeling the problem does not provide a solution that ultimately must be developed by a broad cooperative venture by skilled professionals across the spectrum of government, industry and academia.
In March 2014, the Defense Department chief information officer (CIO) mandated in the DODI 8500.01 “cybersecurity” instruction that the term “cybersecurity” would replace the term “information assurance.” Probably not willing to go through the challenging months of obtaining combatant commanders, military service and Defense Department agencies buy-in on “the terms of reference” definitions, the CIO mandated that President Bush’s 2008 Presidential Directive (PD) 54 would define cybersecurity. PD 54 also identified the definitions of cyber terms such as “cyber incident,” “cyber threat investigation” and “cyberspace,” along with cybersecurity.
PD 54 defines cybersecurity as meaning the prevention of damage to, protection of and restoration of computers, electronic communications systems, electronic communication services, wire communications and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality and nonrepudiation. Imagine trying to obtain a common definition agreement if the defense CIO had not used an existing document.
Aaron Boyd, writing for Federal Times on February 4, quoted James Clapper, director of national intelligence (DNI), as stating that cybersecurity is a critical component of national security. The proper term is critical element of national security (CENS). Clapper’s comments raised the importance of cybersecurity and complemented positions expressed by Adm. Mike Rogers, USN, commander, U.S. Cyber Command/director of the National Security Agency, and Jeh Johnson, secretary of homeland security. Clapper said that cyber issues have become the top threat to U.S. security, and his equating cybersecurity as a CENS catapults it to the top of the information technology ladder.
Other CENS include national security elements such as power, water, transportation, defense, economy and food. For what may be the first time, an information technology area has been expressed directly as a CENS. Translating this into policies/doctrines along with skilled personnel will be challenging, but a CENS is critical to national security. Finding a definition of a CENS is not easy. Some equate it maintaining the safety and security of a nation’s citizens. I lean toward a CENS definition that if such an element is destroyed, disrupted, rendered impotent or severely diminished that it would lead to national anarchy.
Some of the challenges at the national level for cybersecurity include ensuring survivability and effectiveness. I believe all of us are in agreement that an ongoing cyber war is ranging from global to individual levels. A lot of efforts also are underway in corralling cybersecurity in such an architecture that it is ready for any situation.
Thousands of adversaries are trying to control varied portions of the Internet of Things (IoT). But as the Internet grows, other new technologies such the continuing introduction of artificial intelligence (AI) and quantum will bring with them a Complexity of Things (CoT) as the global Internet proceeds in a continuum of connectivity.
In a couple of my SIGNAL blogs—“Artificial Intelligence is a Technology that Divides” and most recently “Quantum Artificial Intelligence, Dilbert, and Duct Tape"—I referred to the challenges and concerns that AI would bring. On February 9, DNI Clapper warned the Senate Select Committee on Intelligence of similar concerns that AI would create new cybersecurity risks because, “AI systems are susceptible to a range of disruptive and deceptive tactics that might be difficult to anticipate or quickly understand.”
As cybersecurity becomes the CENS as defined by DNI Clapper, it also finds itself faced with ever evolving technologies, such as AI and quantum, that further will exacerbate the challenges of survivability and assurance. Social engineering will continue to be a vulnerability.
Some promising technologies include end-product, behavior analytics and cybersecurity-based AI/quantum. Regardless, effective policy/doctrine executed by skilled professionals is going to be a synergy that is needed across the cybersecurity spectrum.
David E. Meadows is a retired U.S. Navy captain and the author of the Sixth Fleet series, along with Seawolf, Tomcat, Final Run and other action-adventure novels.