Who should read this book?
Building on the knowledge of lawyers, practitioners, government officials, academics, and former service members, this edited volume delivers a roadmap for the policy debates of the next decade in cybersecurity policy. It is intended to serve as a guidebook for legislators and executive branch officials who will confront the issues outlined; as a primer and potential reference work for corporate leaders, academics, students; and as a starting point for informed debate amongst us all. Cybersecurity policy covers a diverse range of issues, nothing suitable for a single solution or a static party line. This book is intended to represent this complexity and offer four distinct sections. It can be taken as a whole or digested in these separable parts, each built around a common set of challenges. It is a starting point and a building block, not the final word nor the last detail.
The book is structured as an agenda for readers and policymakers with a combination of background and topic focused deep-dive material.
Each chapter offers a “chapter highlights” section outlining the main themes and takeaways.
Each chapter also offers particular recommendations to policymakers with respect to the chapter’s content.
The contributors in these pages are subject matter experts representing a wide variety of academic and policy institutions; one chapter author (Dr. Herbert Lin) is a member of President Obama’s distinguished 12-person Commission on Enhancing National Cybersecurity.
The book combines the work of experts from a variety of think tanks around Washington, D.C. including the American Foreign Policy Council, New America, RAND, the Atlantic Council, and Center for a New American Security.
The challenges and discontinuities introduced by digital information systems are so diverse that no single analogy can properly capture them. However, one apt description may be contained in the observation that, in some important respects, the leaders of American government respond to the problems of cyber technology the same way Americans and their leaders responded to our Western frontier two hundred years ago.
We are excited by what we already have experienced, and believe that future discoveries and exploitations will have immense and transformative effects. At the same time, we are uncertain and conflicted. What is the shape of this new territory? How should it be governed? Must it be insecure for decades to come? How do we reconcile old values, interests, power relationships and practices with the frontier’s unfamiliar risks, demands, and ways of doing things?
Like our forbearers, we can only partially comprehend and map the unknown. We do so by relying on reports filtering back from scattered settlements and from explorers who tell us, sometimes inaccurately, where some trails lead. With haphazard information, we try to regulate areas that are at least somewhat settled, attempt occasional forays to maintain a modicum of order in some critical areas, and more or less acquiesce to anarchy in the remainder. Barely able to comprehend what will come, we project our hopes and fears onto our mental maps of the future.
American leaders concerned with national security have a particularly strong imperative to develop these maps, but have a deep difficulty in doing so. For all of our professional lives, we have built our security on a foundation of technological innovation that consistently, sometimes exclusively and usually disproportionately, came from initiatives largely directed by the national security establishment. Furthermore, these developments came (again, with some exceptions) at a pace that we could assimilate and control. Now, though the internet famously evolved from DARPA and the semi-conductor industry significantly in response to military and NASA needs, we have all become sorcerers’ apprentices: we have little, and sometimes no, control over technology innovation generally, and information technology in particular.
At this frontier, there is a sense that no claims are exclusive, that the pace and direction of development cannot be bounded or well-predicted, that the settlers recognize no special allegiance to us, and that the bounty they produce may make us more, rather than less, vulnerable. Moreover, developments come with a speed that exceeds the ability of many decision-makers to gain familiarity with new developments, the capabilities of bureaucracies to adapt to them, and legislative efforts to respond to them.
To cope with this, we depend even more than our predecessors on explorers—in this realm, we call them “experts.” The following pages are a select group’s reports from the field. They give us slices of perception about a world we only partly comprehend. But those slices begin to map paths and suggest policies.
Of course, these contributors explore only with their minds, while their nineteenth century predecessors were exposed to great physical risks and discomforts. But since cyber space is not, by and large, physically accessible, what more could we ask? In fact, it takes immense energy, imaginative planning and meticulous care to build the kit required for this mental expedition. And it requires no small amount of moral courage to put yourself out there, recommending policy paths based on information that is necessarily incomplete and flawed.
I don’t know what in these pages will stand the test of time. I do know, though, that however tentative, the maps provided here are among the best we have and provide a basis for building a better future. For that, we are indebted to these authors and privileged to read these pages.
The Honorable Richard Danzig
71st Secretary of the Navy, November 1998 – January 2001
ABOUT THE BOOK
Computing and connectivity have magnified the very best and worst in us. The internet has transformed the way we access information and the scale at which thought can be processed, transmitted, and reconfigured across the world. Human nature came along for the ride however and with every innovation and inspired design choice, there's been a corresponding avenue opened for greed and malevolence.
In recent years, the security of computer systems at the U.S. Department of Defense (DoD) have been compromised by foreign intruders, Chinese state and criminal groups have carried out espionage against U.S. companies in what has been called “the greatest transfer of wealth in history,” and the number of commercial enterprises victimized by data breaches has increased exponentially. The array of states and criminal organizations that are working daily to target government agencies, companies, and individuals presents a growing challenge to existing policy to define, build, and support a secure ecosystem of computing technologies and users. Growing, too, are the capabilities of potential adversary states, against whose activities the U.S. government must prioritize the defense of cyberspace, formulate a comprehensive strategy to protect critical national infrastructure, and guard against economic espionage.
The security of the internet and computer systems sits at the intersection of technology and policy. It is impossible to reduce the interconnectedness or dependency on the internet, but this book serves as an agenda to outline the next set of challenges and propose solutions for debate in the White House, on Capitol Hill, and across the country. In an era of systemic cyberinsecurity, the challenge is not to understand just the bits and bytes but also the larger political and policy framework within which technological changes are occurring. Our efforts to present these issues of next decade are a starting point for debate and a platform for progress.
Hon. Richard J. Danzig
Dr. Richard Danzig is Vice Chair of the Board of Trustees of The RAND Corporation, a member of the Defense Policy Board and The President’s Intelligence Advisory Board, a Trustee of Reed College, and a Director of the Center for a New American Security. From the spring of 2007 through the Presidential election of 2008, Dr. Danzig was a senior advisor to Senator Obama on national security issues. Dr. Danzig served as the 71st Secretary of the Navy from November 1998 to January 2001.