The Two Sides of Cybersecurity


Nov 13, 2015

A U.S. Air Force airman works at the 561st Network Operations Squadron, which executes defensive cyber operations

A U.S. Air Force airman works at the 561st Network Operations Squadron, which executes defensive cyber operations

Photo by Rick Wilking/Reuters

This commentary originally appeared on on November 13, 2015.

Cybersecurity is a two-sided proposition, requiring both defense of internal networks and the ability to operate effectively in the cyber domain. Securing government networks is certainly necessary, but authorities should not lose sight of the need to couple their defense of America's networks with appropriate resources dedicated to combatting criminal, terrorist and other threats in cyberspace.

The Department of Homeland Security (DHS) is the lead agency for protection of federal networks and its mission to protect federal and privately held critical infrastructure networks has attracted the most attention recently. Given fears about penetration of these networks, focus on cyber defense is certainly well placed. These concerns are based on incidents of intellectual property theft, fears about zero-day attacks that potentially have been deployed within networks, vulnerability of industrial control systems, and most recently the Office of Personnel Management (OPM) hack that compromised the personal data of over 20 million Americans.

The federal government has spent more than $50 billion on unclassified cyber over the past three years, including significant investments in two DHS sponsored programs, EINSTEIN 3A and Continuous Diagnostics and Mitigation (CDM) programs, which focus on keeping threats out of federal networks and identifying threats that may exist inside government networks. The defense of government networks is also supported by the DHS's National Cybersecurity and Communications Integration Center and the U.S. Computer Emergency Readiness Team. Of course, the foundation of cyber security remains an educated and situationally aware DHS and federal workforce.

This defensive structure has received the bulk of the attention, and indeed, the resources. Even congressional attention seems to focus on high profile cases of cyber hacking or attacks. But there's more to cybersecurity than preventing intrusion into government networks.

With increasing regularity, terrorists are using the cyber domain as a means of communicating with each other, recruiting, rallying their followers and even providing technical assistance. Inspire magazine, the al Qaeda sponsored online publication, has called upon like-minded jihadists with chemical and biology backgrounds to use their knowledge to attack Western targets. The deadly 2013 Boston Marathon bombing was carried out with the help of online instructions for building a pressure cooker bomb.

The same can be said of criminal activities taking place in the recesses of the darkweb, where illicit activity flourishes with the help of ever evolving anonymizing software. And once authorities take down a major offender, like they did with the Silk Road black market for drugs, weapons and other illegal goods and services in 2013, others, like Evolution, or Evo, quickly step in to fill the void.

Cyberspace serves as an enabler of DHS operations and its many components, including the Coast Guard, ICE, and the Secret Service. The recent 2015 U.S. Coast Guard Cyber Strategy (PDF) stresses the importance of cyber for conducting operations: “Information and communications networks and systems can help detect, deter, disable, and defeat adversaries.” The Coast Guard strategy also highlights the role of cyber in intelligence, law enforcement, maritime and military programs and critical infrastructure protection. The Secret Service maintains Electronic Crimes Task Forces (PDF) to fight cybercrimes, including cyber intrusions, bank fraud and data breaches. The ICE's Cyber Crimes Center focuses on economic crime, money laundering, identity theft, illegal exports, drug trafficking, child exploitation and digital forensics.

The relevant question that must be asked is whether enough resources and attention are being focused on these key capabilities?

It is clear that cyberspace is becoming an increasingly important and competitive domain in which DHS must have the capability to both defend networks and operate effectively against other threats. Recent trends demonstrate that criminal elements, terrorists and those desiring anonymity will be employing the Internet with ever increasing regularity and that their ability to operate largely unfettered is continuing to increase. In fact, the open architecture of the Internet is conferring distinct advantages to those elements seeking to conduct illicit activities, when compared to those in defense of networks and law enforcement.

So while response to high visibility events such as the OPM hack and defending networks is essential, authorities must also remain focused on the other side of cybersecurity. This means cyber research and development programs specifically designed to enable operations, a technically competent and innovative workforce, legislation that supports cyber operations in the homeland security space while still accounting for personal privacy concerns, and appropriate funding that complements the important shifts occurring in the threats' use of cyber.

Daniel M. Gerstein works at the nonprofit, nonpartisan RAND Corporation. He was the former Under Secretary (Acting) and Deputy Under Secretary in the Science and Technology Directorate of the Department of Homeland Security from 2011 to 2014.

More About This Commentary

Commentary gives RAND researchers a platform to convey insights based on their professional expertise and often on their peer-reviewed research and analysis.