On February 9th of this year, the Obama administration announced that after a seven year observation of the cybersecurity environment, it was going to establish the Cybersecurity National Action Plan (CNAP). The new cybersecurity plan was formulated to counter the ever-morphing threats and hackings in cyberspace that could potentially have grave consequences for both public and private institutions, as well as the security of individual Internet users.
The White House announcement notes that modern society has benefitted tremendously from interconnectedness due to the proliferation of the Internet, emphasizing that “from buying products to running businesses to finding directions to communicating with the people we love, an online world has fundamentally reshaped our daily lives.” However at the same time, the White House brief notes that the shadows casted by the illumination of interconnectedness – often rising out of shadowy “dark nets”- such as terrorism, criminal acts, are real problems as well: “Just as the continually evolving digital age presents boundless opportunities for our economy, our businesses, and our people, it also presents a new generation of threats that we must adapt to meet.”
The White House announcement outlines both short-term actions and long-term goals to combat threats posed by these actors. The effort includes items such as establishing a collaborative Commission on Enhancing National Cybersecurity, updating and reforming government IT, beefing up critical infrastructural security, and introducing other initiatives to strengthen password security for online accounts via tools such as biometrics.
Although the effort to strengthen cybersecurity is a welcome development to counter the ever-tumultuous nature of cyberspace, it is not without its critics, who note that the initiative still suffers from bureaucratic culture and shortsightedness. This, in turn, may limit its effectiveness in combating the dangers arising from cyberspace.
Since the end of the Cold War and the alleged “End of History,” there have been numerous arguments proposed to the effect that due to interconnectedness of the humanity via the Internet, the traditional concept of the state and the geopolitical notions underpinning it have been rendered obsolete. As a parallel phenomenon to the growth of globalization of material goods and ideas, the proponents of the idea argue that the IT revolution grounded in the expansion of the Internet will connect ever more users and level the playing field for all, creating a certain form of global commons that’s rooted in a system of common values, buttressed by economic interdependence on a global scale.
Although international and interstate cooperation is needed and admirable effort to combat internationally pressing issues, this supposed erosion of the state has been asserted many times but rarely supported with substantial facts. It seems that this perspective has gone far ahead of reality on the ground. This is even more so true in the area of national security strategy, under which cybersecurity is most often classified.
Researchers T.V. Paul and Norrin M. Ripsman conclude in their work Globalization and the National Security State that many of the assertions regarding the obsolescence of national borders have been hyped, especially in the area of national security. They point out that though globalization has influenced the national security apparatus of differing states in differing ways, great power states have in many ways maintained or even consolidated their domestic powers as opposed to delegating more authority to international organizations.
Geopolitics, in which national security and strategy are often rooted, is just as relevant as ever in the face of threats related to cybersecurity. According to Marshall Institute Fellow, John B. Sheldon, there are numerous reasons to believe that geopolitics still remain fundamental in the face of the Internet revolution. Sheldon points out that infrastructures from satellites to routers to cables are placed in specific points of geography (most of which have been placed by private companies), and geopolitical considerations are taken into account for their placements (such as not placing cables too closely to sea lanes.) In a thesis paper produced in 2014, he concludes that “Wherever geopolitical rivalries and tensions are present and wherever the physical locus of power resides, cyber exchanges occur. Terrorist use of cyberspace also has a geopolitical dimension… Last, it might even be claimed that the criminal use of cyberspace can have a geopolitical aspect… [who], taking advantage of countries with cyberspace infrastructure but weak governance, use cyberspace to further their geographic reach and take advantage of global financial networks.”
In 2009, the GhostNet spy system based in China infected computers of over a hundred locations of strategically significant political and economic interests, many of them embassies. One such target included the office of the Dalai Lama, who is regarded as Beijing’s nemesis. These various savvy actors implement their geopolitical ambitions not only on the surface web, but also on the dark web, which requires professional knowledge and resources to combat.
In November 2012, anti-Israel hacker group Parastoo hacked into the International Atomic Energy Agency (IAEA) of the United Nations, releasing the names of the agency’s nuclear experts on its website. The motivation of the disclosure, according to the Parastoo website, was to persuade the nuclear scientists to urge the IAEA to launch investigation into the Israeli nuclear program. Parastoo, as noted by various reports, is a common girl’s name in Iran. Iran and Israel, needless to say, are regional rivals. What can be glimpsed from this case also is that cyberspace is functioning as a virtual space for various actors to play out their geopolitical strategies rooted in the three-dimensional, physical realm that we inhabit.
The state is a durable institution, and it is flexible enough to accommodate societal changes, regional or global. It is not just the US government that is taking an initiative in cybersecurity. The Brazilian government has taken measures against the surveillance programs of the US National Security Agency. In 2008 the Swedish government enacted anti-terror legislation to monitor Internet traffic passing through its territory. The Chinese government – known for its Golden Shield project and itself targeted by domestic hackers – arrested late last year several hackers at the request of the United States government. The US government had threatened Beijing – an entity alleged to have sponsored the hacking of Anthem Inc. database – with a round of economic sanctions (which, of course, is implemented through state institutions). The role of the state, for good or for bad, will be expected to endure in the fight against threats rising out of cyberspace for the foreseeable future. There should be efforts for greater public-private cooperation on the issue of cybersecurity and no great ideas should be wasted because of bureaucratic preconceptions, red tape, and blinders. Additionally, the effort to counter threats from cyberspace may not only be a purely domestic operation; it can have an international scope as well. For instance, there has been deeper cooperation between the US Department of Homeland Security and the Israel National Cyber Bureau, and more recently a partnership was struck between New York City and Jerusalem to combat infrastructural cyberattacks.
During the first week of March this year, the RSA Conference 2016 was held in San Francisco. RSA is the world’s largest cybersecurity conference, annually hosting various experts in the IT field. RSA President Amit Yoran emphasized that it is creativity that is the anchor of cybersecurity. Yoran noted that “the problem isn’t a technology problem. Adversaries aren’t beating us with better tech. They’re beating us because they’re being more creative, more patient, more persistent.” Yoran also expressed that more steps need to be taken to prevent attacks rather than just focusing on incident response, and this can be done by infusing creativity into those at the forefront of cybersecurity.
Each and every Internet user has a part in protecting against cybersecurity breaches while engaging in day-to-day activities. But as the importance of geopolitics remains, so too will the importance of the state. And no matter how imperfect that state response may be, it will continue to be part of the cybersecurity architecture meant to mitigate political risks rising out of the Internet. What is needed is a collaboration of experts and an open environment for the exchange of tactics and ideas. Only then can we truly meet the challenges that will continue to emerge from cyberspace.
The opinions, beliefs, and viewpoints expressed by the authors are theirs alone and don’t reflect any official position of Geopoliticalmonitor.com.