Search

Begin New Search Topic Cybersecurity Political Geography North America

31. To Patch or Not to Patch: Improving the US Vulnerabilities Equities Process

Author:
Josh Kenway and Michael Garcia
Publication Date:
06-2021
Content Type:
Commentary and Analysis
Institution:
Third Way
Abstract:
The process that determines when and how the US government discloses unknown cybersecurity vulnerabilities to relevant companies or withholds them for government purposes lacks sufficient accountability, transparency, and public trust. Malicious actors do not hesitate to exploit “zero-day vulnerabilities,” or vulnerabilities that a company has had zero days to patch, with Chinese-based hackers most recently using a zero-day in Microsoft Exchange Servers to infect hundreds of thousands of systems.1 Yet, the government also uses zero-days to carry out activities that are in the nation’s interest and, as a result, does not tell the impacted software or hardware vendor about the vulnerability. In this case, the government determines that the benefit of not disclosing the vulnerability outweighs the consequence of a bad actor potentially exploiting the vulnerability for nefarious purposes. In 2010, the US government created the Vulnerabilities Equities Process (VEP) to convene federal agencies that represent a range of national interests—including security, intelligence, foreign policy, commerce, and civil rights and liberties protection—to weigh distinct perspectives on how vulnerabilities should be patched or briefly kept open for law enforcement, intelligence gathering, or military purposes. However, the VEP is not codified in law and has failed to deliver greater transparency around government retention of vulnerabilities nor ensures accountability for the government’s decisions. Congress and the Biden administration should address deficiencies with the VEP to increase transparency, strengthen accountability, build public and industry trust, and establish a world-leading model for decision-making around what to do about high-value vulnerabilities. This paper details seven steps for the Biden administration to enhance transparency and accountability in the VEP while preserving government priorities, as well as flexibility for the defense of democratic values and institutions.
Topic:
Security, Defense Policy, Science and Technology, Governance, Cybersecurity, and Transparency
Political Geography:
North America and United States of America

32. 2021 Reader’s Guide to Understanding the Proposed US Cyber Enforcement Budget

Author:
Aaron Clarke
Publication Date:
09-2021
Content Type:
Commentary and Analysis
Institution:
Third Way
Abstract:
Cyber attacks in the United States continue to devastate and disrupt day-to-day operations in the private and public sectors. Marked by events like the ransomware attack on Colonial Pipeline that created gas shortages and increased prices, cybercrime impacts everyday citizens, even if they are not directly targeted by an attack. The Department of Homeland Security (DHS) reported that in 2020 there were “over $4 billion in cybercrime losses reported to the U.S. government.”1 This growing cybersecurity threat has only been exacerbated by the rise of cryptocurrencies like Bitcoin and exposed network vulnerabilities from those working from home during the pandemic.2 In response to this influx of cyber attacks, the Biden Administration has taken steps to both bolster the federal government’s ability to detect and respond to cyber attacks as well as protect its own systems.3 The Department of Energy (DOE) and DHS have both made cybersecurity a top priority in their latest initiatives. President Biden called on DOE to launch a 100 day plan aimed at preventing disrupted services for electric utilities, and DHS announced a series of 60-day “sprints” to support private and public partners against ransomware.4 The FY2021 National Defense Authorization Act also created the first U.S. National Cyber Director, tasked to lead the implementation of U.S. cyber policy and strategy, and rapidly improve cybersecurity defense capabilities. Although ransomware attacks have spiked, the federal government has made inroads on combatting cyber criminals. The Cyber Enforcement Budget for FY2022 should continue funding and seek to build on the key improvements and actions taken by the Biden administration. In this guide, we will look at the budget implications for cyber enforcement, recommendations for Congress, and provide a detailed breakdown of the proposed budget’s funding allocations. Specifically, we recommend that Congress should: Restore the $15 million of funding cut from the State Homeland Security Program. The program provides critical grants to states that require recipients spend at least 10% of their grants on cybersecurity needs. Require an alignment of cybercrime goals and outcomes across law enforcement agencies within the Departments of Homeland Security, Justice, and Treasury. Ensure that federal agencies are prepared to implement President Biden’s cybersecurity executive order.
Topic:
Defense Policy, Science and Technology, Law Enforcement, Budget, and Cybersecurity
Political Geography:
North America and United States of America

33. Competition for High Politics in Cyberspace: Technological Conflicts Between China and the USA

Author:
Karina Veronica Val Sanchez and Nezir Akyeşilmen
Publication Date:
01-2021
Content Type:
Journal Article
Journal:
Polish Political Science Yearbook
Institution:
Polish Political Science Association (PPSA)
Abstract:
This paper highlighted the use of cyberspace as a conflict zone by the US and China, focusing on competition in various technological spheres, including cyberespionage, military technology, and Artificial Intelligence (AI). The main purpose of this study was to depict how great powers manipulate the cyber domain for their high political objectives through US-China rivalry. The research has been carried out mainly via literature review, discourse analysis, and relevant statistics. Consistent with previous literature and global public perception, the outcome has shown that both states are using cyberspace as a new domain for completion in trade, technology, and military purposes. Cyberespionage, the militarization of cyberspace, and AI have been the main conflict areas between these two global competitors in the last decade.
Topic:
Security, Science and Technology, Military Strategy, Cybersecurity, Conflict, Strategic Competition, and Information Technology
Political Geography:
China, Asia, North America, and United States of America

34. How To Retain Election Officials To Secure Future Elections

Author:
David Levine
Publication Date:
06-2021
Content Type:
Policy Brief
Institution:
German Marshall Fund of the United States (GMFUS)
Abstract:
The 2020 presidential election was called the most secure in U.S. history, largely due to efforts to protect the nation’s different physical and cyber infrastructure. This was a triumph considering the physical, cyber, and even human assets that make up the election infrastructure have been and continue to be susceptible to threats. In 2020, many states adopted measures to mitigate threats to physical and cyber election assets like voting equipment, ballots, and facilities, as well as computer services and databases that store voter information. For example, states with close results in the 2020 presidential race had paper records of each vote, which gave them the ability to go back and count each ballot if necessary. Other measures such as pre-election testing, state and federal certification of voting equipment, and increased collaboration between election officials and their security partners helped provide additional assurance that the 2020 election results were legitimate. Unfortunately, analogous measures were not in place to protect many of the people—from state and local election administrators to poll workers and vendor staff—who administered the elections. Due in large part to the incendiary rhetoric from former President Donald Trump and his followers, many election officials were threatened and harassed, and such behavior shows no signs of abating. Instead of taking steps to address this problem, many states have passed or are considering passing laws that could make this problem worse. Georgia’s new law removed the Georgia’s secretary of state—who rejected Donald Trump’s effort’s to overturn the state’s 2020 results—from decision-making power on the state election board and turned control of the board over to a politicized, less knowledgeable body: the state legislature. Iowa’s new law threatens election officials with criminal prosecution for failing to follow new voting rules. And Florida recently adopted a rule that subjects its local election officials to a civil penalty of $25,000 if a drop box at an early voting site is left accessible for the return of ballots outside of early voting hours. The unrelenting targeting of administrators—along with unfunded election mandates, threats, burn out, and fatigue—has pushed many election officials to leave or consider leaving their positions. According to a recent Democracy Fund/Reed College Survey of Local Election Officials, approximately one-third of chief local election officials will be eligible to retire before the 2024 election, including more than half of those in the largest jurisdictions, which each serve more than 250,000 registered voters. Considering what many of these election officials and their staffs endured during the 2020 election cycle, and continue to experience, it would be unwise to simply wait and hope that they decide to hang on. Instead, every effort should be made to create an environment that is as conducive as possible for retaining these unsung heroes of the 2020 elections. The ability of the United States to conduct future secure elections may well depend on it. This paper focuses on measures state and local governments can take in concert with their election offices to help retain as many of their high-performing election officials as possible. State and local governments should have support from the federal government and Congress to help address this national security issue, but if the fight over funding the 2020 election is any indication, they should begin taking steps to address this problem now. Below are ten suggestions for how state and local governments can retain their high-performing election officials. None is a “silver bullet,” not all of them will be relevant for each state and local government unit, and some governments have already taken many of these steps. But in addressing election official retention solutions, these suggestions provide remedies for some of the thorniest problems that election officials encounter.
Topic:
Politics, Infrastructure, Elections, and Cybersecurity
Political Geography:
North America and United States of America

35. Bringing Down the Hammer On Chinese Tech

Author:
Dawn M. K. Zoldi
Publication Date:
12-2021
Content Type:
Journal Article
Journal:
Fletcher Security Review
Institution:
The Fletcher School, Tufts University
Abstract:
Law is what you must do; policy is what you should do. With regard to country-of-origin bans on technology, either one has the effect of the proverbial hammer. Of late, the U.S. government has been wielding that hammer consistently against China in what amounts to an all-out tech war. The most visible fronts have involved Huawei, ByteDance (TikTok), and TenCent (WeChat). However, a lesser-known conflict relating to the commercial drone sector involves Da Jiang Innovations (DJI), a Chinese technology company headquartered in Shenzhen, Guangdong. It is a three-pronged assault based on cybersecurity, national security, and human rights concerns. Will the U.S. commercial drone ecosystem get hammered in this conflict?
Topic:
Human Rights, National Security, Science and Technology, Cybersecurity, and Drones
Political Geography:
China, Asia, North America, and United States of America

36. Exposing the Financial Footprints of North Korea’s Hackers

Author:
Jason Bartlett
Publication Date:
11-2020
Content Type:
Special Report
Institution:
Center for a New American Security (CNAS)
Abstract:
North Korea conducts intricate and sweeping cyberattacks against the United States and its allies to acquire funds to support its illicit nuclear proliferation efforts. Unlike more economically advanced nuclear states possessing domestic research, development, and deployment capacities to establish weapon of mass destruction (WMD) programs, the Democratic People’s Republic of Korea (DPRK) must seek financial resources, assistance, and institutional knowledge, at least initially, from overseas. It has developed its cyber capabilities in order to circumvent financial sanctions and global safeguards, conducting elaborate online bank heists and hacking attacks; stealing funds through fraudulent bank transfers, Society for Worldwide Interbank Financial Telecommunications (SWIFT) transactions, and ATM cash-outs; launching ransomware attacks demanding payment in cryptocurrency; and hacking cryptocurrency exchanges. The scale and sophistication of these innovative sanctions evasion tactics create a challenge that calls for stronger measures to confront them. In addition to providing policy recommendations for U.S. leadership and financial institutions, this report will outline the ways North Korea supports, expands, and utilizes cyber operations to acquire funds for its nuclear weapons program.
Topic:
Science and Technology, Cybersecurity, and Finance
Political Geography:
Asia, North Korea, North America, and United States of America

37. Defense Technology Strategy

Author:
Paul Scharre and Ainikki Riikonen
Publication Date:
11-2020
Content Type:
Special Report
Institution:
Center for a New American Security (CNAS)
Abstract:
The Department of Defense’s (DoD) ever-shifting technology priorities jeopardize its ability to win a long-term technology competition. The DoD needs a systematic approach—a technology strategy—for how to prioritize technology investments. The dominant global tech trend today is the information revolution, which is leading to exponential growth in digital capabilities. The top priority of the DoD’s technology strategy should be rapidly spinning in and militarizing digital technologies generated in the private sector. The DoD should invest in key military-specific technologies, such as hypersonics or directed energy weapons, when there is clear operational value but should expect advancements to be incremental.
Topic:
Defense Policy, Science and Technology, Cybersecurity, and Investment
Political Geography:
North America and United States of America

38. NATO’s needed offensive cyber capabilities

Author:
Ion A. Iftimie
Publication Date:
05-2020
Content Type:
Policy Brief
Institution:
NATO Defense College
Abstract:
At the 2016 NATO Summit in Warsaw, cyberspace was recognized as an operational domain in which NATO military forces must be able to maneuver as effectively as they do on land, at sea and in the air. Since then, Allies have conducted several successful offensive cyber operations against non-state adversaries, such as Daesh. Due to technological transformations in recent years, cyber is no longer viewed by NATO and its member states only as a hybrid threat, but also as a weapon in its own right and as a force multiplier in current military operations. Over the next two decades, NATO will look for new ways to integrate cyber weapons (or offensive cyber capabilities) into its operations and missions.
Topic:
Defense Policy, NATO, Non State Actors, and Cybersecurity
Political Geography:
Europe, North America, and Global Focus

39. Between the Chinese Dragon and American Eagle: 5G Development in the Baltic States

Author:
Maya Guzdar and Tomas Jermalavicius
Publication Date:
08-2020
Content Type:
Special Report
Institution:
International Centre for Defence and Security - ICDS
Abstract:
In the course of 2018-20, development of Fifth Generation (5G) communication networks has been increasingly influenced by the considerations of national security and geopolitics. The largest provider of 5G equipment, the Chinese mobile telecom giant Huawei, has come under fire from the U.S., Czechia, Poland, and other nations in recent years for attempted espionage, theft of intellectual property and other nefarious activities; in the past month, UK decided to ban Huawei technology from its networks. All this comes into sharp focus as the geopolitical confrontation between Washington and Beijing reaches new heights. However, China is one of the EU’s largest trading partners and has worked to establish its economic, political, and cultural influence in various Member States. The EU and NATO have both released standards for member states must use when gauging the security of potential 5G networks. Yet, the EU in particular has not enacted a blanket ban or sweeping restrictions on the Chinese 5G equipment providers, leaving the tradeoffs between national security, technological progress and cost-efficiency to individual states. Although the Baltic states are well-versed in dealing with cybersecurity challenges, their road to 5G development is going to be complex. Whole-of-society awareness, political diligence, technical competence, regional cooperation, and resilience to Beijing’s influence operations are needed in forging a clear path to 5G that is aligned with their key geopolitical interest—maintaining their close strategic alliance with the United States. This brief aims to explore the geopolitical factors at play in determining the Baltic states’ 5G policy and regulations, with a particular focus on the EU, U.S., and China’s influence. It also provides a short of overview of the state of current 5G networks and regulations in the Baltic states while identifying challenges that the region will face in the coming years.
Topic:
Security, NATO, Science and Technology, European Union, Cybersecurity, Resilience, and 5G
Political Geography:
China, Asia, North America, United States of America, and Baltic States

40. Journal of Advanced Military Studies: Spring 2020

Author:
Donald M. Bishop, Valerie Jackson, Christopher Davis, Evan N. Polisar, Kerry K. Gershaneck, Troy E. Mitchell, James R. R. Van Eerden, Rosario M. Simonetti, Paolo Tripodi, David E. McCullin, Christopher Whyte, and Jeannie L. Johnson
Publication Date:
03-2020
Content Type:
Journal Article
Journal:
Journal of Advanced Military Studies
Institution:
Marine Corps University Press, National Defense University
Abstract:
In 2010, MCU Press published the first issue of this journal, formerly known as Marine Corps University Journal, to serve as the bridge between the military Services and the professional military educators, strategists, and historians within the greater Department of Defense community. During the ensuing years, the press and the journal have evolved to offer innovative and active content that continues to serve as a forum for interdisciplinary discussion of national security and international relations issues and how they impact the Department of Defense, the Department of the Navy, and the U.S. Marine Corps. Now, 10 years later, we see the need to evolve and offer a wider base for those conversations to take place. To celebrate this 10-year anniversary and to reflect the journal’s change in focus over time, the journal has been renamed the Journal of Advanced Military Studies (JAMS) to honor the constant innovation of our content, our authors, and the topics we present to our readers. JAMS will continue to offer readers thematic, biannual issues that encourage and continue the debates happening across Marine Corps University, the Services, and the Department of Defense. It is no coincidence then that this issue of JAMS focuses on innovation and the future of warfare. Each of the articles presented offers the readers a deep dive into a historical, current, or forward-looking perspective on innovation and the military Services. As with any discussion of the military and abstract concepts such as innovation, we must first set the parameters of our discussion. For many readers, the term innovation evokes thoughts of technology, shiny gadgets, and artificial intelligence. While innovation is not necessarily synonymous with technology, it is certainly a challenge to say what in fact it is—a thing, a concept, an action, the people involved, or all of the above. The experts may not agree on what innovation is, but they can agree that it requires change or transformation to be successful. Sun Tzu’s The Art of War compares the nature of warfare to that of water for “just as water retains no constant shape, so in warfare there are no constant conditions.” More contemporary agents of innovation include military theorists such as Earl H. Ellis, John R. Boyd, Michael D. Wyly, and John F. Schmitt. Lieutenant Colonel Earl Ellis’s work on Advanced Base Operations in Micronesia (Operation Plan 712) in 1921 clearly demonstrated his ability to forecast the future needs for amphibious warfare in the Pacific two decades prior to World War II. Though most readers will recognize former Air Force colonel John R. Boyd for his observe-orient-decide-act (OODA) decision-making loop, his more innovative work may well be seen in the energy maneuverability (E-M) theory, a mathematical study of fighter aviation. Then-major Wyly was tasked with reforming the Marine Corps concept of maneuver warfare in the wake of the Vietnam War. The work of Wyly, Boyd, and William S. Lind would serve as the foundation for Warfighting, Marine Corp Doctrinal Publication (MCDP) 1, that was later formally written by then-captain John Schmitt, along with several other doctrinal publications, including Ground Combat Operations, Campaigning, Command and Control, Planning, Expeditionary Operations, and a revision of Warfighting. The articles in this issue of JAMS continue the discussion fostered by these innovative pathfinders. Our introductory section from the Brute Krulak Center for Innovation and Creativity discusses the conception and creation of the center and some of its most innovative programs, including the award-winning Destination Unknown graphic novel and the center’s first essay contest, the U.S. Marine Corps Postmortem, and offers insight from Marine Corps leaders who consider both success and failure as critical measures for the strength of an organization. For example, Lieutenant General Loretta E. Reynolds contemplates how the Corps “must find a way to manage today’s risks while constantly readying ourselves for the emerging challenges of the future fight.”
Topic:
Security, Defense Policy, Military Strategy, Counterinsurgency, Culture, Armed Forces, Authoritarianism, Cybersecurity, Democracy, Geopolitics, History, Surveillance, Think Tanks, Propaganda, Innovation, Armed Conflict, and Game Theory
Political Geography:
Russia, China, Haiti, North America, United States of America, and Indo-Pacific