U.S. Civil Unrest May Move into Cyber Realm
Officials in U.S. federal and state governments need to consider and address the possible cyber risks stemming from the current civilian unrest, cyber experts advise. Until now, the federal government, especially, has had a foreign intelligence focus, said Adm. Michael Rogers, USN (Ret.).
“We are a foreign intelligence organization and yet we find ourselves as a society dealing with a set of internal challenges we have not seen,” the retired admiral said. “I am not arguing that the answer is turning the federal government loose on the domestic environment. That it is not what I'm saying. What I am saying is we need to step back and have a conscious discussion as a society and as a government about what should the role of government capabilities be to understand this dynamic, how should they be used, how should these capabilities be controlled, and what level of oversight and protection should be put in place. We can’t sit here and say that this isn’t something that we need to be concerned about.”
The experts spoke during a virtual Defense Writers Group event on January 12. The event, co-sponsored by the Howard Baker Forum and the George Washington (GW) University’s Project for Media and National Security, was hosted by GW Professor David Ensor, moderated by journalist Frank Sesno, GW’s Director of Strategic Initiatives, and included cyber experts Suzanne Spaulding, former undersecretary for Department Homeland Security, and Adm. Rogers. The admiral was the second commander of U.S. Cyber Command and the 17th director of the National Security Agency, succeeded in 2018 by Gen. Paul Nakasone, USA. Spaulding is part of Congress’ Cyberspace Solarium Commission.
Spaulding pointed to the need to remember lessons from the past on how organizations addressed ‘hacktivists’ or hacker-activists looking to cause harm in the digital world based on ideology. However, the former undersecretary warned that domestic actors could use the cyber domain to interfere with police and military responses to unrest or violence.
“For example, I am very worried about the prospect of disrupting communications between our deployed forces around some of these key dates and potential events coming up,” she stated. “That would certainly be a way of using cyber to have consequences in the real world, to frustrate our ability for a variety of deployed federal forces to communicate and coordinate with each other.”
The events on Capitol Hill on January 6 serve as a stark reminder of what may be possible in the cyber domain, the admiral observed.
“From my perspective you clearly saw, although it was relatively minor, but I think you saw a cyber element of the activity on Capitol Hill on the 6th of January,” Adm. Rogers stressed. He cited reports of thefts of lawmakers’ laptops and cyber-associated physical infrastructure taken from the mob that physically penetrated parts of the Capitol. “From a cyber perspective what really concerns me, and I think it is only a matter of time of when, not if, is I think you are going to see a cyber dimension to domestic unrest. We've seen it manifest itself largely in the physical domain, rioting, protests, marches. You are already seeing an informational aspect to it, and I think you're going to see a cyber dimension.”
The admiral is currently helping to advise states on their cybersecurity postures and found that while these governmental organizations often consider foreign cyber threats, they are not yet as focused on risks from domestic marauders.
“I’ve said, ‘Look, we need to think about the domestic piece in cyber,” Adm. Rogers explained. “We so often spend time on the foreign piece, but we don't spend much time thinking about the domestic piece. We will likely see, in my opinion, over time, people using the ability to penetrate cyber systems to deface websites associated with particular viewpoints, to try to knock offline the cyber capabilities of government organizations, and to attempt to use cyber as a tool to inhibit police and security forces ability to respond.
"If you look at just the physical domain, and you look at the weapons and the capabilities that were within the set of people on Capitol Hill on the 6th of January, and this wasn't true of everyone, but there was clearly an element there that thought, ‘We are going to bring a wide range of tools to help us maximize the damage in the effect of physically penetrating the Capitol,’” he continued.
The experts also noted that the Biden administration will have to sort out the new national cyber director position created by H.R. 6395, the National Defense Authorization Act (NDAA) for Fiscal Year 2021. Title 17, Section 1752 of the NDAA 2021 establishes the Office of the National Cyber Director within the Executive Office of the President, to be headed up by a presidential appointee.
The national cyber director would serve as the president’s principal advisor on cybersecurity policy and strategy. The director would coordinate, among other things, efforts involving information security and data protection; programs and policies intended to improve the United State’s cybersecurity posture; and initiatives to comprehend and deter malicious cyber activity. In addition, the director will engage across relevant government agencies and councils to design and implement a National Cyber Strategy.
“What this unrest shows you is broadly that we had not prioritized [domestic risks],” Adm. Rogers noted. “I think it's fair to say we have underestimated both the level of unrest and the organization within that unrest. There is a level, at least in some components, of clear organization. There is a level of capabilities that some of these groups and individuals are able to bring, and I [see] that expanding into cyber and other areas. And we have to think about this in a way we haven't before.”
