Cyber Scene #12 - Divided or United??
Cyber Scene #12
Divided or United?? (no, not the U.S.--CyberCom and NSA)
The Cybersecurity Committee of Lawfare Blog addressed the Aug. 2017 GAO report presenting the DoD view on separating NSA and CyberCom. University of Texas/Austin Law School Associate Dean and Professor Robert Chesney notes that the report’s exclusive DoD perspective is limited, and underscores the exclusion of consultation with the Office of the Director of National Intelligence among other missing views. Chesney’s discussion raises more questions than it answers-not a criticism, but rather an acknowledgement of the need for in depth, detailed, nuanced understanding of the pros and cons of separating the two entities.
The Chairman of the Senate Armed Services Committee Senator John McCain argued, in 2016 under the last administration, that he would oppose dividing CyberCom and NSA.
The Law Fare Blog also published a 7 Aug. 2017 article by, most recently, former NSA Deputy Director Rick Leggett arguing why NSA should not reveal all cyber vulnerabilities, as has been discussed in the public/private sector perspective on privacy vs. security.
As a follow up to recent Cyber Scene discussions of the need for more precision in U.S. domestic legal discussions of cyberwarfare, Bloomberg Businessweek published on July 20, 2017, an interesting cyberwarfare "Focus/Security" discussion from another (or perhaps THE other) side entitled "Why We Need Cyberwar Rules of Engagement Now." The Berlin-based journalist, Leonid Bershidsky, recently emigrated from Russia to Germany following the Crimean invasion, calls for discussions between the world's two preeminent cyberwarfare countries. He cites sanctions damage, of course, but includes references to the updated 2017 Tallinn Manual, from NATO's Cooperative Cyber Defense Center of Excellence in Estonia. As mentioned in an earlier Cyber Scene, the Center is steadfastly anti-Russian, particularly after being famously, and embarrassingly, hacked by said country in 2007. Skeptics might question why Russia would choose to follow such rules, but the article itself, read carefully, is nonetheless interesting and includes a closing look at "quantum cybercrooks."
Congress is in a truncated recess. However, since 11 July 2017, the SSCI has held seven closed sessions and one open hearing, under Chairman Richard Burr (R-NC) and Mark Warner (D-VA). The hearings on 19 July addressed the nominations for three senior IC positions: Principal Deputy Director of National Intelligence Susan Gordon, Treasury's Assistant Secretary for Intelligence and Analysis Isabel Patelunas, and NSA's Inspector General Robert Storch. These positions now require Senate confirmation.
The HPSCI conducted a closed hearing on Russian Interference with Jared Kushner; the acting Chairman (Chairman Nunes having recused himself) Rep. Mike Conaway (R-TX) and Minority Ranking Member Rep. Adam Schiff (D-CA) gave a brief news conference highlighting the 3 hrs hearing's productivity, and the cooperation of Mr. Kushner who offered to return.
Come Together, Right Now
The House has passed the FY 2018 Intelligence Authorization Act, which enjoyed strong bipartisan support with a 380-25 vote (!). Cybersecurity is underscored in the second sentence whereas Russian interference in the U.S. election figures at the end of the following verbatim synopsis:
"This legislation provides the Intelligence Community (IC) the necessary resources and authorities to ensure they remain capable of protecting and defending the United States. The bill supports critical national security programs, particularly those focused on countering terrorism and cyberattacks. The total funding levels authorized by the bill are slightly below the President’s budget, balancing fiscal discipline and national security. This legislation:
- Focuses the Defense Intelligence Agency (DIA) on core missions by eliminating several DIA components and functions or realigning them to other IC elements;
- Defends against foreign threats to elections by requiring the Director of National Intelligence to electronically publish an unclassified advisory report on foreign counterintelligence and cybersecurity threats to election campaigns for federal offices;
- Bolsters intelligence oversight by ensuring that IC contractors can meet freely with Congress; and
- Improves IC accountability to Congress by requiring the IC to provide reports on:
- Investigations of leaks of classified information;
- Security clearance processing timelines;
- The process for reviewing information about computer vulnerabilities for retention or potential release; and
- Russian influence campaigns directed at foreign elections and threat finance activities.
The Act makes no changes to any surveillance authorities, including those set to expire later this year, which will be addressed in separate legislation."
In the Senate, the SSCI cleared the Intelligence Authorization Act as of 18 Aug. 2017, where it will move forward for a full Senate vote upon return from recess. This would point to a likely enactment of the bill, since the differences between the House and Senate would have been addressed in House and Senate intelligence committees, respectively.
N.B. FY 2018 starts 1 Oct. 2017 and Congress has only 44 days remaining in CY 2017, with not only the Intelligence Authorization Act but questions of a government shutdown, furlough, and budget looming large.
Cyber Borders or "Splinternet?"
The Economist revisits the rise of the global tech leaders in "Chaining Giants," investigating what actions governments worldwide, to include the U.S., China, U.K., Canada, Russia and others, are taking to impose constraints on the most powerful of the biggest multinational technology giants, even as the firms themselves have been looking at their own commercial barriers ("walled gardens" to control services) to bolster their success. U.S. and European constraints include holding tech firms such as Microsoft, Alphabet (Google), Microsoft and others responsible for what their users say. These are not, however, the same garden vegetables the firms themselves are cultivating.