establish a Cyber Risk Reduction Center to exchange information and provide nations with assistance;
create as international-law concepts the obligation to assist and national cyber accountability, as discussed earlier;
impose a ban on first-use cyber attacks against civilian infrastructure, a ban that would be lifted when (a) the two nations were in a shooting war, or (b) the defending nation had been attacked by the other nation with cyber weapons;
prohibit the preparation of the battlefield in peacetime by the emplacement of trapdoors or logic bombs on civilian infrastructure, including electric power grids, railroads, and so on; and
prohibit altering data or damaging networks of financial institutions at any time, including the preparation to do so by the emplacement of logic bombs.
Later, after experience with CWLT One, we could examine whether to expand its scope. We should begin with a no-first-use ban on cyber attacks against civilian targets, rather than an outright ban, because nations should not be disingenuous when they sign obligations. Nations that are engaged in a shooting war or have been the victims of cyber attack will probably employ cyber weapons. Moreover, we do not want to force nations that have been the victim of cyber attack to retaliate with kinetic weapons because of a ban on cyber attacks. The proposal does not preclude initial cyber attacks on military targets. Nor does it rule out preparation of the battlefield against military targets, because proposals to do so raise complex trade-offs and would overburden CWLT One. Nonetheless, lacing each other’s military with logic bombs is destabilizing and we should say publicly that if we discover it happening to us we would consider it as a demonstration of hostile intent.
Non-state actors will be a problem for cyber arms control, but CWLT should shift the burden of stopping them to the states party to the convention. Nations would be required to rigorously monitor for hacking originating in their country and to prevent hacking activity from inside their territory. They would be required to act promptly to stop such activity when notified of it by other nations through an international Cyber Threat Reduction Center. That Center would be created by the treaty, paid for by signatories, and be staffed at all times by network and cyber security experts. The Center could also dispatch computer forensics teams to assist in investigations and to determine whether nations are actively and assiduously investigating reported violations. The treaty would include a concept of national cyber accountability, making it a treaty violation if a nation did not stop a threat when notified by the Center. It would also include the obligation to assist the Center and other signatories.
The treaty will also have to deal with the attribution problem, which is not just a matter of nations organizing their citizen hacktivists. The hacktivist problem might be addressed by the provisions in the treaty we have just discussed. Attribution is also a problem because nations route attacks through other countries and sometimes actually initiate them from another nation. The Center could investigate claims by nations that they were not the source of an attack, and it could issue reports to allow the member states to judge if there had been a treaty violation by a particular state. If there had been a clear violation, the states party to the treaty could issue sanctions. The sanctions could range across a spectrum from, at the low end, denying visas or entry to specific individuals, to denying Internet connectivity to an ISP. At the higher end, nations could limit international Internet and telephone traffic flows for a country. The Center could put scanners on the points where traffic from the country came into other nations. Finally, of course, nations could refer the problem to the United Nations and recommend broader economic and other sanctions.
The treaty and the Center would only be concerned with cyber war. It would not become an international regulatory body for the Internet, as some have proposed. Burdening CWLT with that possibility will ensure that it is opposed by many interests in the U.S. and elsewhere. CWLT will not, by itself, stop attacks on civilian targets, but it will raise the price of trying them. The advent of CWLT as an international norm will also send a message to cyber warriors and their government masters that firing off a cyber attack is not the first thing that you do when your neighbor state has made you mad. Engaging in offensive cyber war against another country would become, after CWLT, a major step. Using it against a civilian infrastructure target would be a violation of international law. Nations that signed the CWLT might put in place good internal controls to prevent their own cyber warriors from starting something without proper authorization.
5. CYBERSPACE AT MIDDLE AGE
The fifth element of fighting cyber war is research on more secure network designs. The Internet is now forty, entering midlife, yet it has not changed much from its early days. Yes, bandwidth certainly has grown, as has wireless connectivity, and mobile devices have proliferated. But the underlying design of the Internet, which was done without any serious thought to security, is unaltered. Although many software glitches and security issues were supposed to have disappeared when Microsoft replaced its earlier buggy operating systems with Vista and now Windows 7, problems persist with all of the most ubiquitous software programs.
When I asked the head of network security for AT&T what he would do if someone made him Cyber Czar for a day, he didn’t hesitate. “Software.” Ed Amoroso sees more security issues in a day than most computer security specialists see in a year. He has written four books on the subject and teaches an engineering course on cyber security. “Software is most of the problem. We have to find a way to write software which has many fewer errors and which is more secure. That’s where the government should be funding R&D.” Hackers get in where they don’t belong, most often because they have obtained “root,” or administrator status, through a glitch they have discovered in the software. There are two research priorities created by that phenomenon. We have to do a better job of finding the errors and vulnerabilities in existing software, which is a matter of testing in various ways. But at the same time we need to find a process for writing new applications and operating systems from scratch with close to zero defects.
As much as people fear robots and artificial intelligence (without knowing that there are already a lot of both at work today), it may be worth thinking about using artificial intelligence to write new code. It would mean coming up with a set of rules for writing secure and elegant code. The rules would have to be extensive and iterated with testing. The project would be sufficiently large that it would require government research funding, but it should be possible gradually to develop an artificial intelligence program that could respond to requests to write software. The artificial code writer could compete with famous software designers, much as IBM’s Big Blue played against human chess masters. Drawing on the open source movement, it could be possible to get the world’s experts to contribute to the process.
The work that was done to create the Internet forty years ago has been enormously valuable, far more so than the inventors ever thought then that it would be. Now the funders of the original Internet should fund an attempt to do something better. Today cyber research is fragmented and, according to a presidential advisory board, cyber security research is dangerously underfunded. Cyberspace also needs a fresh look from designers who are freed to think of new protocols, new ways of authenticating, and advanced approaches for authorizing access, seamlessly encrypting both traffic and data at rest.
There are some signs of renewed life at DARPA (the Defense Advanced Research Projects Agency), which funded much of the early Internet development. After years of abandoning research on the public Internet, things have begun to change. In October 2009, DARPA granted a contract to a consortium including defense contractor Lockheed and router manufacturer Juniper Networks to design a new basic protocol for the Internet. For decades, the Internet has been breaking traffic up into little digital packets, each with its own address space, or “header.” The header has the basic to and from information. The protocol or format for these packets is named TCP/IP (
Transport Control Protocol/Internet Protocol). For the gods and founders of the Internet, TCP/IP is as sacred as the Ten Commandments are to some religious groups. What DARPA is now looking for is something to replace TCP/IP. Shock and horror! The new Military Protocol would allow for authentication of who sent every packet. It would permit prioritization of the packets, depending upon the purpose of the communication. It might even encrypt the content. The Military Protocol would be used initially on the Pentagon’s networks, but just think what it could do for the Internet. It could stop most cyber crime, cyber espionage, and much of cyber war. DARPA has no estimated ready date for the Military Protocol, nor any idea about how the conversion process from TCP/IP would occur. Nonetheless, it is just that kind of thinking that could make the Internet secure someday.
We should not throw out what we have until we are sure that the alternative really is better and that the conversion process is feasible. What might that something new look like? In addition to the Internet, cyberspace might consist of many more intranets, but these would be highly heterogeneous, running one of several different protocols. Some of the intranets might have “thin clients,” which are not skinny guys looking for a lawyer, but computer terminals that use well-controlled servers or mainframes rather than having an extensive hard drive on every desk. Centralized mainframes (yes, the old mainframe) that, if they failed, would be backed up by redundant hardware at other locations, could manage intranets to prevent security violations and configuration mismanagement at the nodes. The intranets’ traffic would run on separate fibers from the public Internet and could be switched by routers that did not touch the public Internet. Data could be scanned for malware and backed up in redundant data farms, some of which would always be disconnected from the network in case of a corrupting system failure. All of these new intranets could use constant scanning technologies to detect and prevent anomalous activity, intrusions, identity theft, malicious software, or unauthorized exporting of data. The intranets could encrypt all data and require that a user prove with two or three reliable methods who he is before he could access the intranet. If the new nets were “packet switched,” as the Internet is now, the user’s authenticated identity could be embedded in each packet. Most important, these networks could constantly monitor for and prevent connectivity to the Internet.
A lot of people will hate that idea. Many of the Internet’s earliest advocates strongly believe that information should be free and freely disseminated, and that essential to that freedom is the right to access information anonymously. The “open Internet” people believe that if you wish to read The Communist Manifesto, or research treatments for venereal disease, or document China’s human rights violations, or watch porn online, your access to that information will not be free if anyone knows that you are looking at it.
But does that mean that everything should be done on one big, anonymous, open-to-everyone network? That’s how Vint Cerf and others see the Internet, and they’ll be damned if they’re gonna agree to change it. When I worked in the White House, I proposed something I called “Govnet,” a private network for the internal working of federal agencies that would deny access to those who could not really prove who they were (maybe with a special fob). Vint Cerf thought that was an awful idea, one that would erode the open Internet, beginning a trend of cutting it up into lots of little networks. Privacy advocates, whose cause I usually support, hated Govnet, too. They thought it would force everyone accessing the public web pages of government agencies to identify themselves. Of course, the public web pages would not have been on Govnet. They would still have been on the public Internet. But in the face of opposition like that, Govnet did not happen. It is probably time that we revisit the Govnet concept now.
In addition to Govnet for critical functions of the federal government, where else might we want such secure networks? For airline operations and air traffic control, railroad operations, medical centers, certain research activities, operations of financial institutions, controlling space flight, and, of course (say it with me), for the power grid. All of these institutions would still need an Internet-facing presence off the intranet, to communicate outside the closed community of the intranet. But there would be no real-time connection between the secure networks and the Internet. Indeed, ideally the protocol, applications, and operating systems would be incompatible.
There would still be a public Internet, of course, and we would all still use it for entertainment, information, buying things, sending e-mail, fighting for human rights, learning about medical problems, looking at pornography, and engaging in cyber crime. But if we worked at a bank, the IRS, or the train company, or (say it loudly) the electric company, we would use one of these new secure, special-purpose intranets when we were at work. Cyber war could still target these intranets, but their diversity, their use of separate routers and fiber, and their highly secured internals would make it very unlikely that they could all be taken down. Vint Cerf and those devoted to one big everybody-goes-everywhere, interconnected web won’t like it, but change must come.
6. “IT’S POTUS”
Those were the words our hypothetical White House official heard in chapter 2. Most of the time, those are words you never want to hear, at least when somebody is shoving a phone in your direction in a crisis. The sixth element of our agenda is, however, Presidential involvement. I know that everyone working on a policy issue thinks the President should spend a day a week on his or her pet rock. I don’t.
The President should, however, be required to approve personally the emplacement of logic bombs in other nations’ networks, as well as approve the creation of trapdoors on a class of politically sensitive targets. Because logic bombs are a demonstration of hostile intent, the President alone should be the one who decides that he or she wants to run the destabilizing risks associated with their placement. The President should be the one to judge the likelihood of the U.S. being in armed conflict with another nation in the foreseeable future, and only if that possibility is high should he or she authorize logic bombs. Key congressional leaders should be informed of such presidential decisions, just as they are for other covert actions. Then, on an annual basis, the President should review the status of all major cyber espionage, cyber war preparation of the battlefield, and cyber defense programs. An annual cyber defense report to the President should spell out the progress made on defending the backbone, securing the DoD networks, and (let me hear you say it) protecting the electric power grid.
In this annual checkup, the President should review what Cyber Command has done: what networks they have penetrated, what options would be available to him in a crisis, and whether there are any modifications needed to his earlier guidance. This review would be similar to the annual covert-action review and the periodic dusting off of the nuclear war plan with the President. Knowing that there is an annual checkup keeps everybody honest. While he is reviewing the cyber war strategy implementation, the President could annually get a report from our proposed Cyber Defense Administration on its progress in securing government agencies, the Tier 1 ISPs, and (all together now) the power grid.
Finally, the President should put reducing Chinese cyber espionage at the top of the diplomatic agenda, and make clear that such behavior amounts to a form of economic warfare.
As I suggested earlier, the President should use the occasion of his annual commencement address at a military service academy, looking out over the cadets or midshipmen and their proud families, to promulgate the Obama Doctrine of Cyber Equivalence, whereby a cyber attack on us will be treated the same as if it were a kinetic attack and that we will respond in the manner we think best, based upon the nature and extent of the provocation. I suggested that he add a proposal for a global system of National Cyber Accountability that would impose on nations the responsibility to deal with cyber criminals and allegedly spontaneous civilian hacktivists, and an Obligation to Assist in stopping and investigating cyber attacks. It would be a sharp contrast to the Bush Doc
trine, announced at West Point, that expressed the sentiment that we should feel free to bomb or invade any nation that scares us, even before it does anything to us.
To follow up such a spring speech at an academy, the President should then in September give his annual address at the opening of the United Nations General Assembly session. Looking out from that green granite podium at the leaders or representatives of nine-score countries, he should say that
The cyber network technology that my nation has given to the world has become a great force for good, advancing global commerce, sharing medical knowledge that has saved millions of lives, exposing human rights violations, shrinking the globe, and, through DNA research, making us more aware that we are all descendants of the same African Eve.
But cyberspace has also been abused, as a playground for criminals, a place where billions of dollars are annually siphoned off to support cartels’ illicit activities. And it has already been used by some as a battlespace. Because cyber weapons are so easily activated and the identity of an attacker can sometimes be kept secret, because cyber weapons can strike thousands of targets and inflict extensive disruption and damage in seconds, they are potentially a new source of instability in a crisis, and could become a new threat to peace.
Make no mistake about it, my nation will defend itself and its allies in cyberspace as elsewhere. We will consider an attack upon us through cyberspace as equivalent to any other attack and will respond in a manner we believe appropriate based on the provocation. But we are willing, as well, to pledge in a treaty that we will not be the first in a conflict to use cyber weapons to attack civilian targets. We would pledge that and more, to aid in the creation of a new international Cyber Risk Reduction Center, and undertake obligations to assist other nations being victimized by attacks originating in cyberspace.
Cyber War: The Next Threat to National Security and What to Do About It Page 28
