January 16, 2013 | Issue Brief on National Security and Defense
The confirmation process for three key Administration positions is expected to begin in the next couple weeks, with Senator John Kerry (D–MA) nominated for Secretary of State, former Senator Chuck Hagel (R–NE) nominated for Secretary of Defense, and White House Chief Counterterrorism Advisor John Brennan nominated for Director of the CIA. While the nominees have all generally supported President Obama’s foreign policy and national security strategy, the United States needs to know more about their positions on cybersecurity and internet freedom issues.
The Senate confirmation process gives the U.S. Senate and the American public an opportunity to learn more about these candidates, what they believe, and how they propose to design the national structure of the U.S. going forward. The American people deserve straightforward answers from President Obama’s nominees, as well as strong assurances that they are dedicated to advancing cybersecurity and internet freedom policies that protect U.S. interests and speak out against those nations who use the cyber realm against their own people and the rest of the world.
While much of the current debate over cybersecurity revolves around the protection of domestic infrastructure and companies, cyber issues are truly international in scope. From cyber crime and internet freedom to cyber espionage and cyber war, President Obama’s new nominees will all have responsibility for critical elements of our cyber policy.
Secretary of State. Senator Kerry, as the Secretary of State nominee, faces important diplomatic challenges in how the U.S. deals with states that harbor cyber criminals. Regrettably, the current Obama policy is to play nice with these bad cyber states rather than calling them out. Exemplifying this policy, in September 2012 Secretary of State Hillary Clinton visited China and had the audacity to claim that both the U.S. and China were cyber “victims…and it is vital we work together to curb this [malicious] behavior.” China is an unrepentant bad actor in cyberspace, yet the Obama Administration’s policy is to try, naively, to work with the thief to stop theft.
Similarly, internet freedom around the globe requires a strong U.S. position. Freedom of expression is a basic human right and the Secretary of State must take a stand against those nations who would restrict this right on the internet. The Obama Administration has taken some action in this area, issuing an executive order that allows the U.S. to seize the property of those who use information technology to crack down on dissent. Sadly, the order could also backfire and hit innocent technology providers who merely sell legitimate products on the open market. The Obama Administration has also wisely resisted any U.N. takeover of internet governance, and such opposition should be continued. Ceding internet governance to the International Telecommunication Union, a U.N. organization, would give autocratic governments the power to regulate the internet in ways that would harm individual liberty around the world.
The U.S. must also advance our cyber interests through diplomatic efforts with our allies. Joining with other free nations, the U.S. can lead efforts to stop cyber crime and encourage internet freedom, by not only supporting and working with our allies, but also by calling attention to the malicious cyber actions taken by countries like China and Russia.
Secretary of Defense. Secretary of Defense nominee Senator Hagel has many difficult but important cyber responsibilities. The Department of Defense (DOD) has millions of plans, blueprints, and other pieces of sensitive data that are prime targets for cyber espionage. As a result of countless attacks, the Department of Defense has been active in its efforts to mitigate cyber espionage, taking measures such as developing strategies for operating in cyberspace and establishing procedures for cyber supply chain security. Such efforts must be continued if the DOD is to remain secure.
The Department of Defense must also be prepared to face all-out cyber aggression. U.S. cyber defenses must be prepared to mitigate cyber attacks, both in connection with or separate from kinetic attacks. Having clear policies for retaliation to a cyber attack are necessary to ensure deterrence as well as rapid responses to these attacks. The U.S. then needs a strategy to carry out offensive cyber operations. Already, the DOD has acknowledged the use of offensive cyber in ongoing conflicts, but it must also be ready for larger cyber combat against more prepared enemies.
Of course, planning and experience must be backed up with the appropriate capabilities. Already, conventional and strategic defense programs are underfunded, and the threat of sequestration means all U.S. defense systems, including those in cyber, will face devastating cuts. With rising threats in the real and cyber worlds and defense budgets increasingly under siege, there is real concern that the U.S. will not be able to field enough cyber soldiers and systems.
Director of the CIA. President Obama’s nominee to be the Director of the CIA, John Brennan, has the critical responsibility of overseeing covert cyber operations. The nature of the cyber realm lends itself to secret or at least anonymous actions, both important to covert operations. Perhaps the most widely known operation, Olympic Games, involved the Stuxnet virus which successfully delayed Iranian nuclear ambitions.
Regrettably, we only know about Stuxnet because leaks from within the Obama Administration completely nullified the “covert” element of that operation. The Director of the CIA must be fully committed to maintaining the secrecy of the CIA’s actions so as to not endanger our operatives and operations, as well as to maintain plausible deniability.
Given that these nominees have relatively little history on these issues, the Senate should extract the following promises from the nominees:
1) From Senator Kerry: Senators should press Kerry to name bad cyber and internet freedom actors. On top of this, Senators should push Kerry to take specific actions to combat bad cyber actors, such as using anti-censorship funds more wisely and supporting a multilateral task force of cyber allies that will aggressively name and shame bad actors. Additionally, the Senate should obtain a promise from Senator Kerry to maintain U.S. opposition to U.N. internet governance.
2) From Senator Hagel: Senators should make Hagel explain the nature of the cyber threat in his view. Given the growing and all-encompassing nature of the threat, the Senators should then make Hagel pledge to maintain, if not increase, the DOD’s cyber spending. If he refuses, Senators should ask Hagel how he expects to counter a growing threat with fewer resources.
3) From John Brennan: Given current investigations into Mr. Brennan’s role in several intelligence leaks, Senators should demand a promise to stop or dramatically reduce the number of these leaks that are harming our covert operations, both in cyber and tangible realms. A failure to obtain such promise would allow a dangerous continuation of the status quo.
The upcoming confirmation hearings should be used by the Senate to raise important questions and concerns about the direction of U.S. foreign policy under President Obama. As the U.S. becomes weaker and the world continues to become more dangerous in both the cyber and tangible worlds, the Senate should ask difficult questions and provide much-needed advice to help steer U.S. policy toward greater security and freedom.
—Steven P. Bucci, PhD, is Director of and Paul Rosenzweig is a Visiting Fellow in the Center for Legal and Judicial Studies in the Douglas and Sarah Allison Center for Foreign Policy Studies, a division of the Kathryn and Shelby Cullom Davis Institute for International Studies, at The Heritage Foundation. David Inserra contributed to this report.
Steven Bucci and Paul Rosenzweig, “Secretary Clinton Declares U.S. and China Equal as Cyber Victims,” The Heritage Foundation, The Foundry, September 6, 2012, http://blog.heritage.org/2012/09/06/secretary-clinton-declares-u-s-and-china-equal-as-cyber-victims/.