Pre-CSIS

The Center for Strategic and International Studies has provided a list of five readings that would better prepare us for our three day trip to D.C.  One has a comprehensive overview of CSIS and its programs, through a forecast that attempts to predict what will drive the future.  Two others are James Lewis discussing the importance of cyber-security.  The last two documents review the current United States cyberspace policy and the Department of Defense strategy in cyberspace.  While I had an active interest in cyber-space prior to reading these articles, I did not realize the scope of the problem or understand the United States’ position on it.

James Lewis has written numerous articles on how government should adjust to technological innovation.  Prior to joining CSIS, he had worked as a Foreign Service officer and as a member of the Senior Executive Service.  In his speech Rethinking Cybersecurity he remarks that cyber threats are not solely determined by how sophisticated our defense is.  Even if we had better technology, more sophisticated threats would evolve to threaten that technology.  Our largest risk comes from the outdated discussion on cybersecurity and the policy that has emerged from it.  He goes on to detail the source of threats that have emerged from cyberspace.  Cyber terrorism is considered a future problem that does not pose an immediate threat.  Military and intelligence services pose the largest threat and, along with that, state sponsored espionage.

In Lewis’ policy recommendations, his first step is to make internet service providers responsible for protecting its customers.  This is an interesting objective.  Almost every form of online censorship demonstrated by foreign governments dealt with the internet service providers.  When Egypt blacked out internet communication, they contacted their five providers and ordered them to redirect information.  When articles discussed whether this type of censorship was possible in the United States, most determined that it very improbable due to the vast number of companies the government would have to censor.  While internet traffic in the U.S. does have bottlenecks, they don’t reside with the internet service providers.  There are thousands of providers in the U.S. and it seems like a huge undertaking that would cause a lot of fear.  I’m sure if internet service providers began notifying people that they had a virus, it would largely give off a “big brother” vibe.  While I agree that service providers must bear some responsibility for security, implementing such a program seems costly and would face a lot of opposition.

Source: xkcd.com

 

Lewis goes on to describe a few more necessary policy changes.   Recommending active defense was one that stood out to me.  It’s not discussed very often, mostly due to the secrecy of the tradecraft.  The U.S. is currently allowed to actively monitor foreign networks to better prevent malicious attacks.  Active network monitoring carries a lot of ethical concerns with it, especially if it is done domestically.  While we actively monitor other forms of communication, it’s all foreign collection unless especially approved (to my understanding).  I was surprised to find out that Tier One service providers monitor the traffic that flows over their networks.  I hope to find out, when I have more time, what actual monitoring occurs.  I believe that a government partnership with these efforts would result in huge security improvements.  How to implement such a program is a sensitive conversation, which would need to involve the privacy concerns associated with domestic data monitoring.

Digital Diplomacy

Iran shut down its U.S. embassy 32 years ago.  More recently, Iran has demonstrated just how different modern diplomacy can be by shutting down a virtual U.S. embassy.  News sources in Iran have called this virtual embassy the “latest plot by Washington against the Iranian nation.”  Of course, the actions of Iran were condemned by our administration as the Iranian government’s “commitment to build an electronic curtain of surveillance and censorship around its people.” The U.S. hasn’t had a physical embassy presence in Iran since 1980, after it was removed due to conflict from the Islamic Revolution.  This recent move by Iran and the U.S. occurred only a week after the British Embassy was vandalized by student protestors suspected of working for the Iranian government.  The attack on the British Embassy is now referred to as the Occupy Embassy protests by Iranians, correlating it to the Occupy Movements gaining popularity in the U.S.    

Check out the embassy here: http://iran.usembassy.gov/index.html

Iran’s leaders have approved, if not caused, the students actions against the British Embassy and the media praises their decision on the U.S. virtual embassy.  There are numerous websites that are unavailable to Iranians, including social networking and news sites, and it took less than 24 hours for Iran to ban the embassy site nationally.  Ignoring Iran’s reaction for a moment, I can’t help thinking that the U.S. had some bad timing.  One week after the British Embassy is ransacked and removed from Iran, with accusations that the attack was organized by the Iranian government, the U.S. decides to implement a virtual embassy in the country when it is well known for online censorship.  Filtering through all of the publicity surrounding the issue, I still can’t find what the U.S. could have hoped to achieve with the virtual embassy.  The site seemed doomed from the beginning.  

I can only assume that the U.S. issued this site in response to a need in its intelligence war with Iran.  If Stuxnet, the malicious software designed to degrade Iran’s nuclear capability, was designed by the U.S., it represents a huge focus on Iran.  Stuxnet was previously an unknown capability of advanced governments.  Using the software revealed this capability and decreased its future effectiveness.  My personal opinion is Stuxnet was probably was implemented to buy time, since Iran will probably still develop nuclear weapons despite the setbacks the virus caused.  It was a covert diplomatic decision that reflects the times and demonstrates the new tools we have at our disposal.  Perhaps the virtual embassy had a similar unknown purpose.  I’m sure the State Department isn’t naïve enough to assume the site would remain open to regular Iranians.

Stuxnet and virtual embassies represent significant differences technology has brought in our response to threats.  United States diplomacy has always been intertwined with intelligence, with both offensive and defensive strategies.  While this has been true for many years, the tempo of events has increased drastically.  Digital diplomacy is the response to that tempo.  We can more effectively react digitally with the speed and size required for modern threats.  While I’m wowed by recent abilities demonstrated by governments, we will probably see even more incredible capabilities in the near future.