We all use it. From filing taxes to shopping, the Internet and cyberspace have been deeply entrenched into the every day lives of the American people. Is it any wonder such a widely accessible instrument has seen a dramatic increase over the last decade of cyber intrusions? These intrusions exploit and expose sensitive personal, business, and national security information to those who use the information for their own gain at a detriment of others.
In late 2012, President Obama issued a Presidential Policy Directive, which states the “government will identify potential targets of national importance where Offensive Cyber Effects Operations can offer a favorable balance of effectiveness and risk compared to other instruments of national power.” Additionally, the directive states actions against the United States and serious adverse foreign policy or economic impacts as significant consequences of cyber warfare. The United States government has already participated in one major cyber attack: the use of the Stuxnet computer worm targeted on Iranian uranium enrichment centrifuges.
Furthermore, in February 2014, the United States Army issued a Guidance on Cyberspace Operations. The purpose of the manual was to instruct commanders and their staffs in developing new approaches to “seize, retain, and exploit advantages throughout an operational environment…while simultaneously denying and degrading adversary and enemy use…” The explanation for such a publication was that today’s Army must be prepared to operate in cyberspace and treats the subject as a normal part of military disputes. Cyberspace attacks may be directed at information between computers, including cell phones, and computer networks used by enemies. Attacks could use “tailored computer code [and] . . . manipulation . . . to control or change information, information systems and networks.”
Finally, last June, the Chairman of the Joint Chiefs of Staff (CJCS), General Dempsey, issued a classified (EXORD) to allow and initiate a military operation, which was related to the conduct of military cyberspace activities. The previously undisclosed EXORD was made known last week in a new Air Force Instruction, which stated “Classified processes governing C2 [command and control] of AF [Air Force] offensive and defensive cyberspace operations conducted by AF Cyber Mission Forces are addressed in a classified CJCS [Chairman, Joint Chiefs of Staff] Execute Order (title classified) issued on 21 Jun 13,” titled “Command and Control (C2) for Cyberspace Operations.” An EXORD occurs when the President decides to initiate military operations. At the Secretary of Defense’s command, the CJCS issues an order. For the most part, this EXORD is still classified.
These three instances over the past few years show a substantial increase of activity in the field of cyber security and warfare. What is to be done about the latest and growing national security threat? As one senior administrative official said, “Once humans develop the capacity to build boats, we build navies. Once you build airplanes, we build air forces.” With this in mind, legislation from both Houses of Congress has been put forth to try to tackle the emerging threat cyber security may pose.
H.R. 624, better known as the Cyber Intelligence Sharing and Protection Act (CISPA), intends to provide for the sharing of cyber threat intelligence and information between members of the intelligence community and cybersecurity entities. CISPA would allow the federal government to provide classified cyber threat information across the private sector to help American companies protect themselves from advanced cyber threats. Furthermore, CISPA would allow the private sector to share information with the government on a voluntary basis. This legislation would provide companies with liability protection for acting in good faith to protect their own networks or share threat information. It would also permit protections for privacy and civil liberties.
Many well known names, like The Cato Institute, the American Civil Liberties Union (ACLU), and Mozilla (the creators of Firefox), have overwhelmingly opposed this bill. These institutions complain of allowing unlimited sharing of personally identifiable data amongst and between private companies and the government. Similarly, they argue CISPA gives the federal government the ability to gain private information from companies to track, control, and share almost all the American peoples’ online information. This could be done without the use of a warrant, undermining the Fourth Amendment.
While the need for cyber security grows and cyber warfare looms on the horizon, with hints of the results of such tactics and preparation present even now, what will be the cost of the protections put in place? Our privacy?