Search

2591. The Need for Countries to Establish Robust and Transparent Vulnerabilities Equities Processes

Author:
Sharon Bradford Franklin
Publication Date:
07-2019
Content Type:
Journal Article
Journal:
Fletcher Security Review
Institution:
The Fletcher School, Tufts University
Abstract:
In 2017, leaders of the U.S. Intelligence Community warned that “more than 30 nations are developing offensive cyberattack capabilities.”1 This means that more than 30 countries may be conducting hacking operations as a method for surveillance, disruption, or destruction. Unregulated cyber surveillance and cyberattacks by government actors can pose risks not only to a government’s foreign adversaries, but also to its own citizens. Thus, as the United States and other nations work to enhance their own offensive cyber capabilities, as well as to develop strategies to defend against potential attacks, it is critical that these countries establish legal regimes to govern such conduct in cyberspace. Although Germany has established a legal framework to regulate government hacking activities,[2] few countries have done so.[3] ​ To bring government hacking operations within the rule of law, a crucial step is to design rules regarding the management of vulnerabilities that governments discover or acquire. As with other cyber actors, when governments conduct hacking operations, this frequently involves exploiting vulnerabilities in computer hardware and software systems. But these same flaws can also be manipulated by a government’s foreign adversaries or other malicious actors. Therefore, when countries consider their abilities to rely on hacking as an investigative tool, as well as their interests in exploiting vulnerabilities for military and intelligence operations, they must also evaluate the capacity of information and communications technology providers to repair bugs and protect the cybersecurity of all users. Determining whether to exploit a vulnerability or disclose it to a vendor for patching involves balancing a variety of different security concerns against each other. ​ Some countries have made progress in formalizing the rules for making these decisions and in publicizing these rules to promote public accountability. In November 2017, the United States released a charter governing its Vulnerabilities Equities Process (VEP), which outlines how the U.S. government weighs the various competing equities.[4] The charter delineates which components of the government will participate in determinations regarding whether to disclose or retain each newly discovered vulnerability, and it sets forth the criteria to be used and the process to be followed in making such assessments. One year later, the United Kingdom (UK) announced its Equities Process, which follows a similar approach.5 Most recently, in March 2019, Australia released its “Responsible Release Principles for Cyber Security Vulnerabilities,”[6] and Germany is currently working to develop a VEP and is expected to make information about its process public in early 2019.[7] However, as described below, the VEP procedures revealed to date need further improvement,[8] and most of the nations with offensive cyber capabilities have not developed—or at least have not announced—any such framework...
Topic:
Security, Intelligence, Science and Technology, and Cybersecurity
Political Geography:
North America and United States of America

2592. Assessing Attitudes of the Next Generation of African Security Sector Professionals

Author:
Kwesi Aning and Joseph Siegle
Publication Date:
05-2019
Content Type:
Working Paper
Institution:
Africa Center for Strategic Studies
Abstract:
Africa’s armed forces are in transition from an independence-era model to one more suited to today’s conflicts and threats. They are increasingly called upon to engage in preventive action, resolve domestic security crises, combat transnational threats, and protect the progression toward more democratic governance. Understanding how African security sector actors’ perceptions may be shifting in light of these changes can provide insights to improving their effectiveness. This study, involving 742 African security sector professionals from 37 countries, assesses differences in the attitudes, motivations, and values of the emerging generation of African security sector professionals. Understanding these differences may raise awareness, provide a basis for reform, and create an impetus for improving the citizen-security actor relationship.
Topic:
Globalization, National Security, Democracy, State Building, and transnationalism
Political Geography:
Africa, Mediterranean, and Sahara

2593. How Much Does a “Privacy” Weigh?

Author:
Paul Rosenzweig
Publication Date:
07-2019
Content Type:
Journal Article
Journal:
Fletcher Security Review
Institution:
The Fletcher School, Tufts University
Abstract:
Benjamin Franklin is famous, in part, for having said, “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” Though historical evidence suggests Franklin’s quote has been misinterpreted,[1] the aphorism has come to stand for the proposition that privacy and security stand in opposition to each other, where every increase in security likely results in a commensurate decrease in privacy, and vice versa. ​ Couched in those terms, the privacy/security trade-off is a grim prospect. We naturally want both privacy and security to the greatest extent possible. But Franklin tells us this is impossible — that privacy and security are locked in a zero-sum game where the gain of one comes only at the loss of the other. ​ Of course, this characterization is assuredly flawed; it is certainly possible to adopt systems that maximize both privacy and security in a Pareto optimal way. That is one of the reasons why so many privacy and security experts simply revile the “balancing” metaphor — it obscures more than it illuminates... ​
Topic:
Security, Science and Technology, Cybersecurity, and Privacy
Political Geography:
Global Focus and United States of America

2594. Learning from Russia’s Influence Campaigns in Eastern Europe: A Conversation with Nina Jankowicz

Author:
Fletcher Security Review Staff and Nina Jankowicz
Publication Date:
07-2019
Content Type:
Journal Article
Journal:
Fletcher Security Review
Institution:
The Fletcher School, Tufts University
Abstract:
Nina Jankowicz is writing a book on the evolution of Russian influence campaigns in Eastern Europe. She has previously worked advising the Ukranian government on communication and managed democracy assistance programs for Russia and Belarus. She is currently a Global Fellow at the Woodrow Wilson International Center for Scholars’ Kennan Institute and has previously served as a Fulbright-Clinton Public Policy Fellow.
Topic:
Security, Territorial Disputes, and Geopolitics
Political Geography:
Russia, Ukraine, and Eastern Europe

2595. Shifting Borders: Africa’s Displacement Crisis and Its Security Implications

Author:
Wendy Williams
Publication Date:
10-2019
Content Type:
Working Paper
Institution:
Africa Center for Strategic Studies
Abstract:
Recent years have seen record numbers of Africans forcibly displaced from their homes. The most recent figure of 25 million people displaced is a 500-percent increase from 2005. While much attention focuses on economic migrants who are trying to cross into Europe, 95 percent of those who are displaced remain on the continent. Two-thirds of these are displaced within their home countries. In short, the reality faced is more accurately characterized as an African displacement, rather than a European migrant, crisis. This paper explores the drivers of population displacement in Africa, security ramifications, and priorities for reversing this destabilizing trend.
Topic:
Migration, Diaspora, Political stability, and Displacement
Political Geography:
Africa, North Uganda, South Sudan, and Sahara

2596. The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age by David Sanger

Author:
David Sanger and Travis Frederick
Publication Date:
07-2019
Content Type:
Journal Article
Journal:
Fletcher Security Review
Institution:
The Fletcher School, Tufts University
Abstract:
In The Perfect Weapon, David Sanger argues that the nature of global power itself is undergoing dramatic changes, brought about by the proliferation of highly advanced cyber capabilities. Today, internet access is nearly ubiquitous, the cost of entry is low, and, particularly in the domain of cyberwarfare, there is one fundamental fact: offensive capabilities have critically outpaced cyber defenses. A weak and impoverished nation like North Korea can hold large swaths of public and private infrastructure in America at risk, steal military OpPlans, and pilfer millions of dollars from foreign banks. A Kremlin reeling from sanctions, low oil prices, and historically low public trust is able to threaten the very foundations of American democracy through targeted social media campaigns and hacking and leaking the emails of a major political party. But while the offensive advantage has given weaker powers greater capacity to pursue their geopolitical objectives, U.S. leadership has found that their response options have not similarly benefitted. America’s offensive cyber prowess so exceeds its own defensive capabilities that officials often hesitate to strike back for fear of establishing norms of retaliation against vulnerable infrastructure or inciting unintended escalation. Sanger argues that without an open public debate among government policy makers, military planners, and academics to coordinate a grand strategy, the United States will be forced to accept a world of constant cyberattacks, limited response options, and the greater risk of capitulating to foreign coercion...
Topic:
Security, Intelligence, Science and Technology, Cybersecurity, and Book Review
Political Geography:
North America and United States of America

2597. A Healthier Way for the Security Community to Partner with Tech Companies

Author:
Douglas Yeung
Publication Date:
07-2019
Content Type:
Journal Article
Journal:
Fletcher Security Review
Institution:
The Fletcher School, Tufts University
Abstract:
Digital data captured from social media, cell phones, and other online activity has become an invaluable asset for security purposes. Online mapping or cell-phone location information can be used to collect intelligence on population movement, or to provide situational awareness in disasters or violent incidents. Social-media postings may be used to vet potential immigrants and job applicants, or to identify potential recruits who may be likely to join the military. ​ However, breakdowns in relationships between the tech industry and would-be consumers of technology’s handiwork could imperil the ability of security stakeholders to use this data. Ongoing issues have already begun to shape some technologists’ views on the ethical use of artificial intelligence and other technologies in war and conflict and their impact on human rights and civil liberties. It isn’t difficult to imagine a series of future incidents further souring collaboration between technologists and security stakeholders. ​ In contrast to its reluctance over security matters, the tech industry has been a willing partner for government agencies and communities that promote health and wellbeing—topics that present less of an ethical challenge. Although it may not be immediately apparent, wellbeing and security have much in common. Could the security community take a page from wellbeing efforts to improve their collaboration with the tech industry?...
Topic:
Security, Science and Technology, Business, Surveillance, and Private Sector
Political Geography:
Global Focus and United States of America

2598. Obstacles to IT Modernization: The New National Security Imperative

Author:
Richard Beutel and Andrew Caron
Publication Date:
07-2019
Content Type:
Journal Article
Journal:
Fletcher Security Review
Institution:
The Fletcher School, Tufts University
Abstract:
As the December 2018-January 2019 government shutdown pressed forward into unexplored territory, no one asked what impact the continuing funding delays might have upon information technology (IT) modernization. This should be a significant concern, as IT modernization is now widely recognized as a national security imperative. The cumbersome and lengthy acquisition process stifles innovation and allows U.S. adversaries such as China to develop and deploy cutting-edge technologies far faster than the United States is able. The loser is the U.S. military, which is often saddled with obsolete capabilities. The recently released Third Volume of the Section 809 Panel report states this explicitly—we are on a “war footing”—and the government’s cumbersome acquisition policies are a primary culprit. The shutdown certainly did not help any of this. The authors can offer no solution regarding how to solve the threat of another shutdown. The issues are no longer substantive—both parties see “the wall” as emblematic to their political base. But we can talk about recent green shoots in addressing the IT acquisition. Without mincing words or exaggeration, the government has a dismal record of successful IT modernization.[1] The U.S. Government Accountability Office (GAO), a respected government watchdog, has exhaustively documented the government’s dependence on outdated legacy IT and the billions of U.S. dollars wasted by agencies in failed modernization attempts.[2] The causes are numerous: a compliance-oriented acquisition workforce, perverse incentives that reward “box checking” rather than end-user outcomes, and an entrenched cultural fear of “doing things differently” caused by an overblown concern about potential bid protests and increased congressional oversight.[3] Recently, however, a new awareness has arisen across the government that the old ways of IT procurements no longer serve the country. Current acquisition techniques are relics of an age before commercialized internet services even existed; they were not designed to keep pace with the rapid evolution of IT technologies.
Topic:
National Security, Science and Technology, and Modernization
Political Geography:
China, Asia, North America, and United States of America

2599. Nuclear Weapons with 21st Century Technology: A Conversation with John Borrie

Author:
John Borrie and Fletcher Security Review Staff
Publication Date:
07-2019
Content Type:
Journal Article
Journal:
Fletcher Security Review
Institution:
The Fletcher School, Tufts University
Abstract:
John Borrie is the research coordinate and program lead at the United Nations Institute for Disarmament Research. He’s currently working on continuing and expanding dialogues about disarmament and the impact of nuclear weapons on humanitarian affairs. He previously worked on weapons control for both the International Committee of the Red Cross and as a New Zealand diplomat. Borrie holds a doctorate in philosophy from the University of Bradford.
Topic:
Security, Nuclear Weapons, Science and Technology, and Interview
Political Geography:
United Nations and Global Focus

2600. Envisioning a Stable South Sudan

Author:
Luka Kuol, Majak D'Agoôt, Remember Miamingi, Lauren Hutton, Phillip Kasaija Apuuli, Luol Deim Kuol, and Godfrey Musila
Publication Date:
05-2019
Content Type:
Working Paper
Institution:
Africa Center for Strategic Studies
Abstract:
The internal conflict and resulting humanitarian crisis embroiling South Sudan since December 2013 have exposed the country’s fragility. A weak national identity, ethnically based violence, a legacy of violent conflict resolution, personalized and patronage-based politics, weak institutional checks on the abuse of power, and the absence of encompassing leadership, among other factors, all pose obstacles to peacebuilding. As a result, envisaging a stable South Sudan has become increasingly difficult for many South Sudanese and external observers. With regional and international diplomacy rightly focused on negotiating an immediate end to hostilities, the Africa Center for Strategic Studies has asked a selection of South Sudanese and international scholars, security practitioners, and civil society leaders to share their visions of the strategic issues South Sudan must address if it is to make a transition from its current state of dissimilation to a more stable reality. These visions, taken individually and collectively, are intended to help sketch out some of the priorities and prerequisites for transforming today’s highly fragmented security landscape in South Sudan to one in which its citizens are safe in their own country and are protected from external threats.
Topic:
International Cooperation, Nationalism, Regional Cooperation, United Nations, and Humanitarian Intervention
Political Geography:
Africa, East Africa, South Sudan, and Central Africa