Publisher's Synopsis
The recent focus on Edward Snowdon and revelations of US and British surveillance programs should not distract from one vital fact. The electronic networks on which western societies now depend are under constant malicious attack, trend growing. Whether military command and control or critical infrastructure grids (think power, water, transportation, financial, even agriculture and health care), state and non-state actors are consistently working to infiltrate, copy data, and/or position themselves for electronic sabotage in case conflict breaks out. A November 2011 study released by the US government's Office of the National Counterintelligence Executive publicly identifies China and Russia as the most aggressive collectors of economic and technological information from hacked US computer systems [Foreign Economic Collection 2011]. This year it became known that hackers presumed to be working for Chinese military intelligence accessed databases containing technical details of dozens of American high tech weapon systems, both operational and developmental. This immediately led to speculation whether the Chinese or other opponents could temporarily hijack control over these weapon systems in a future conflict. The information concerning the weapon systems hack was leaked from a January 2013 Defense Science Board report titled Resilient Military Systems and the Advanced Cyber Threat. This report, compiled by respected civilian scientists and policy experts, concludes that a full spectrum cyber campaign waged by a state actor with sophisticated capabilities "is of such magnitude and sophistication that it cannot be defended against." The report therefore recommends that "a successful (Department of Defense) cyber strategy must include a deterrence component." Some commentators have read this as a call for nuclear response to cyber attacks. While such a Strangelovesque recommendation is not actually contained in the report (at least not explicitly) the DSB's experts do emphasize the need to ensure the survivability of American nuclear systems from the effects of enemy cyber operations. Failure to harden military and critical civilian systems could leave the United States and its NATO allies vulnerable to an electronic 9/11 or even an electronic Pearl Harbor. Efforts must be made (and expenses incurred) to keep the alliance and its members from having to choose between launching preemptive kinetic warfare or risk being functionally disarmed by enemy information warfare. This issue of Hampton Roads International Security Quarterly begins with an introduction to the theme of cybersecurity and some general recommendations regarding policies and responses. We then progress to the foreign threat scenarios, followed by discussion of cybersecurity for the United States national critical infrastructure. In the final section of this issue, US government cybersecurity functions and instruments (civilian and military) are outlined, rounded out by a discussion of cybersecurity at the NATO level. As always, we wish you interesting reading.