Search AFCEA Site

Enable breadcrumbs token at /includes/pageheader.html.twig

The ODNI Cyber Threat Assessment Is a Driver for a Cyber Deterrence Framework

The guidelines exist for beginning the deterrence effort.
By Terry Roberts

This year's Intelligence and National Security Summit cyber track, which Shawn Henry and I co-chaired, featured many insightful and compelling discussions across several key areas. But none was more enlightening and challenging than the final session focused on “An Unclassified Global Cyber Threat Assessment,” which began with the Office of the Director of National Intelligence (ODNI) national intelligence officer (NIO) for cyber, Sean Kanuck. Offering counterpoint was one of the best internationally focused cyber minds in the business, Melissa Hathaway, president of Hathaway Global Strategies. This panel was moderated by Rear Adm. Sean Filipowski, USN, senior military adviser, Office of the Secretary of Defense-Policy (OSD-P) for Cyber.

Kanuck, who is the first National Intelligence Council NIO for Cyber, announced upfront that he is getting ready to step down from this position after almost five years. Throughout his tenure, Kanuck’s corporate legal and CIA Information Operations Center background has meant he could leverage a rare combination of his international legal mind and his cyber intelligence operational expertise. Ironically, the day he came to speak with us at the summit was the very same day that his boss testified before Congress; DNI Clapper gave his "Statement for the Record, Worldwide Cyber Threats" before the House Permanent Select Committee on Intelligence (HPSCI) on September 10. I recommend the entire statement for the record—it is only a few pages—on the ODNI home page, but the following is the final paragraph:

“In summary, the breadth of cyber threats posed to U.S. national and economic security has become increasing diverse, sophisticated, and impactful. Cyber Intelligence—collecting, analyzing, and disseminating intelligence on the intentions, capabilities, and operational activities of foreign cyber actors—is one of the core objectives in National Intelligence Strategy we produced last year to guide the activities of the Intelligence Community. Ensuring the integration of such activities in support of our policy makers and national security is a core mission for the Office of the Director of National Intelligence, and was one reason the President directed me to form a Cyber Threat Intelligence Integration Center (CTIIC). I look forward to working with this Committee to enable the Intelligence Community in general and CTIIC in particular to support our nation in this vital area. Thank you.”

We also discussed how the DNI’s Cyber Threat Assessment was a driver for the U.S. government to focus on a Cyber Deterrence Framework, to include the following points: There are more cyber bad actors than ever before—political activists, criminals, spies and business disruptors—who are having a greater impact and are proliferating their tools and methodologies; the role of the private sector is as it should be—of ever greater prominence because of its ownership of the vast majority of information technology and network infrastructure—but it was the U.S. government that in the end had to protect all from state-sponsored cyber theft and fraud; and the impact of the Internet of Things (IoT) is only just now being discovered—with much more to come.

As a result of all these points, we have to focus on how to develop a framework for cyber deterrence consisting of at least four key components: universal transparent rules; key private and public sector partnerships; the ability to detect, monitor and verify; and a stable security architecture.

Within DNI Clapper’s statement for the record to the HPSCI, cyber deterrence is discussed in the following way:

“Numerous actors remain undeterred from conducting economic cyber espionage or perpetrating cyber attacks. The absence of universally accepted and enforceable norms of behavior in cyberspace has contributed to this situation. The motivation to conduct cyber attacks and cyber espionage will probably remain strong because of the relative ease of these operations and the gains they bring to the perpetrators. The result is a cyber environment in which multiple actors continue to test their adversaries’ technical capabilities, political resolve, and thresholds. The muted response by most victims to cyber attacks has created a permissive environment in which low-level attacks can be used as a coercive tool short of war, with relatively low risk of retaliation. Additionally, even when a cyber attack can be attributed to a specific actor, the forensic attribution often requires a significant amount of time to complete. Long delays between the cyber attack and determination of attribution likewise reinforce a permissive environment.”

Of course, a permissive environment does not provide a foundation for deterrence. Many of us who have been tackling cyber challenges for the past two decades have found the thorny issue of deterrence is one of the toughest, because the normal framework for deterrence has to be rewritten to accommodate a virtual world. At the onset we need to determine:

  • Who are the parties involved—only state powers?
  • Where does this continuous dialogue take place?
  • What is allowed and what is not allowed?
  • How is activity tracked and verified?
  • What is the measured and appropriate response?

But just because this is a complex virtual arena does not mean we should not take this on. We should, so let’s start in earnest the open discussion and debate.

Terry Roberts, a former deputy director of Naval Intelligence, is the founder and president of WhiteHawk.

Enjoying SIGNAL?
SIGNAL Magazine is available through subscription or as part of your membership in AFCEA.
SUBSCRIBE NOW
LEARN MORE
JOIN AFCEA