Media

National Security Experts Discuss Need for Cybersecurity Cooperation

Around the Bar

The nation’s defense secrets are stolen by hackers working out of an Internet café in Seoul, South Korea and auctioned to the highest bidder. Millions lose power for more than a week during a heat wave due to an invasive computer program that targets electric utilities. The names, birthdates and Social Security numbers of company employees are stolen by organized crime.

National security experts gathered Aug. 3 at the American Bar Association Annual Meeting in Chicago to discuss the growing risk posed by hackers and foreign powers that could infiltrate and disrupt the technology that keeps the United States running.

Suzanne Spaulding, the deputy under secretary for the National Protection and Programs Directorate at the Department of Homeland Security, urged those speaking about cybersecurity matters to “disaggregate the threat.”

“There are really a number of different kinds of cybersecurity threats,” said Spaulding. She went on to identify four major categories of attackers including “hacktivists” like members of the loosely affiliated online group Anonymous who specialize in denial-of-service attacks that cripple webpages; organized crime, which Spaulding characterized as “a serious problem on the Internet;” espionage, which is the nation’s “most significant threat” that is also “absolutely rampant;” and disruption attacks on industrial control systems like the Stuxnet Internet worm that crippled Iranian uranium enrichment in 2010.

The notion of a cyberwar between nations that would collapse technological systems and infrastructures like a conventional war might was discounted. “I don’t really see that on the horizon,” said Spaulding. Still, DHS is working to bring a strategy to respond to cybersecurity threats together. A major component of that desired response is legislation like the Cybersecurity Act of 2012 that would allow the private sector and government to share individual Internet-user information freely. Legislation has stalled in Congress for myriad reasons, but civil libertarians worry that any attempt to loosen restrictions on sharing will constitute a massive and arguably unnecessary invasion of privacy.

Tim Roxey, who serves as the chief cybersecurity officer at the North American Reliability Corporation, is also interested in the government’s response to cyber risks. Roxey referred to the case of the 2012 India blackout that left more than 600 million people without power as a prime example of why there needs to be a concerted effort to prepare for disasters, be they manmade or natural.

According to Roxey, there are many questions that need to be answered especially, as he put it, because “we are living in a world of contested territory.” Those questions include what actions utilities should take in the circumstance of a national emergency and whether there is a military doctrine that determines how to respond to a cyberattack.

Roxey, who works with “three letter agencies” to identify computer virus threats to the utility systems he oversees also discussed the Stuxnet incident. Calling it a “very specific type of attack,” Roxey related how a relatively inexperienced Egyptian student was able to reverse engineer the Stuxnet computer worm shortly after it was deployed against Iran, which presents additional questions about the unintended consequences of using cyberweapons.

Lawyer Paul Rosenweig also has concerns about cybersecurity and views the future of the Internet as a conflict between the “liberal West” and “ordered authoritarianism.” A United Nations committee is considering changing the way the Internet is effectively governed by giving more power to nations to control webpages and their content. Rosenweig believes that UN efforts amount to a “resovereignization of the Internet” and “the single most significant cyberpolicy development of the next 15-20 years.” The United States already stated its opposition to the proposed change.

“The Cybersecurity Legal Puzzle” was sponsored by the Standing Committee on Law and National Security.