Tag Archives: Cybersecurity

Foreign Policy Experts Nance, Stavridis Warn of Global, Domestic Threats to Democracy as Authoritarians Rise

Malcolm Nance (left), a renowned counter terrorism and intelligence consultant for the US government’s Special Operations, Homeland Security and Intelligence Operations, and 4-star Admiral James Stavridi (right)s who was the 16th Supreme Allied Commander at NATO, engage in a dialogue on foreign policy moderated by Errol Louis, a political anchor at NY1 News, took place at Temple Emanuel of Great Neck, Long Island on March 18, 2018. © Karen Rubin/news-photos-features.com

By Karen Rubin, News & Photo Features

A dialogue between Malcolm Nance, a renowned counter terrorism and intelligence consultant for the US government’s Special Operations, Homeland Security and Intelligence Operations, and 4-star Admiral James Stavridis who was the 16th Supreme Allied Commander at NATO, senior military assistant to the Secretary of the Navy and Secretary of Defense, moderated by Errol Louis, a political anchor at NY1 News, took place at Temple Emanuel of Great Neck, Long Island on March 18, 2018. It proved to be a seminar on foreign policy, with some tough words for the need to defend democracy against a tide of anti-democratic, authoritarian forces both domestic and foreign. “We have to solve this –at the ballot box.” 

Here are highlights from the provocative discussion:

Errol Louis: Moderator: Both of you were at the Pentagon on 9/11; Nance was even an eyewitness. With the rise of terrorism, how safe are we? 

Malcolm Nance: Since 9/11, we went for a short while in the correct direction in counterterrorism, bringing the world together to confront global threat. Unfortunately the invasion of Iraq in 2003 broke the mechanisms in Mideast that were functioning – poorly, but indigenous – strongman dictators. Once we invaded, we unleashed demons we could not foresee. The ebb and flow of regional solutions all went out the window.

Before, the hardest problem was people trying to solve Palestinian problem. That’s nothing compared to radical Islam. You can negotiate with Palestinians, even Hamas, groups in Iran.

We have a bigger problem: just keeping the democratic norms in the world, not just US. Democracy as an ideology is now under attack, every day.

Admiral James Stavridis: I agree. Go back 100 years – 1918. The world is coming out of World War I, Spanish influenza pandemic sweeping, 40% of world’s population were infected, 20% of those will die. US walking away from Europe, isolating ourselves, rejects the League of Nations, erects enormous tariff barriers – cracked the global economy. You can drop a line from that to the rise of fascism and World War II. That is a dark global picture.

We have mechanisms to deal with many of the challenges but agree [with Nance] that the whole ideology of democracy is wrapped up in great power politics, the rise of two authoritarian figures- Putin [just “re-elected” to a fourth term]. President Xi Jinping isn’t even putting on faux election, he declared himself the new emperor. These authoritarian systems are a challenge to democracies in ways we haven’t dealt with in 100 years.

We have two other concerns: a new pandemic – don’t spend much time thinking – but every 100-200 years of human history, a pandemic rises, despite fact of enormous advances in medicine. We are due for one – ability to manipulate genome can allow dark dark work. [Consider how Trump has cut funding to the CDC, and would likely not step in to stop a new outbreak of Ebola or Zika outside the US.]

Our vulnerability is in cyber. We are utterly dependent on massive cyber systems. We are at great risk – that’s where the two strains – cyber vulnerability and way authoritarian regimes will come after us – those streams are crossing – we have work to do, tools,

So, how safe are we? We have challenges, but I am cautiously optimistic. The question is whether our democracy will put in the right people.

Louis: Pointing to [Trump’s] new direction in foreign policy [and the fact that the State Department is considering removing ‘human rights’ from its mission statement], why is it to our advantage to fight for democracy and human rights and why is this not a form of international charity? 

Nance: NATO, after World War II [was devised] to stop wars by creating a grand alliance – to spread that ideology around the world., not just American democracy, but allow others to develop their own form of republic, democratic governorship, whether a constitutional monarchy or a republic like France. That is under attack. Democracy is in retreat. ‘Democracy’ has been removed from mission statement of the State Department.

When we were struck on 9/11, it hurt me deeply – I spent my life in worst parts of world getting back. Now, that threat is from within – people in our country do not believe in democracy; autocracy, as being pushed by [Putin] former director of KGB, is better alternative to liberal democracy and European parliamentary democracy-Iit’s all under attack.

It is not a charity – America doesn’t do this as charity. We invented globalism – in WWII –we literally dropped it out of airplanes; people wanted our products at the end of war. Now people believe our system of economy is fundamentally wrong, NATO should be disbanded, the European Union should go away and every country in Europe should be its own autocracy with Moscow as polar center. There are people in US government who believe that.

Admiral Stavridis: “Why does democracy work? It’s not simply the value system. There’s a pragmatic element. With democracy, people [who are disaffected, aggrieved] get to change government peacefully – a safety value.” © Karen Rubin/news-photos-features.com
Stavridis: Why does democracy work? It’s not simply the value system. There’s a pragmatic element. With democracy, people [who are disaffected, aggrieved] get to change government peacefully – a safety value. That’s why we worry about authoritarianism –eventually [discontentment] will blow, and when that happens [authoritarian regimes] will go in search of monsters abroad, look for scapegoats, combat operations. We ought to be very concerned about authoritarianism.

What do we do about it? What’s our move? A couple of different things can do – continue to rely on a system of alliances – that’s why we should worry about tariff barriers, and walking away from NATO, that take global structures apart. We need to rely on those. We need to get vastly better at strategic communications, explaining our ideas. War of ideas? It’s a marketplace of ideas. We have to compete – democracy, liberty, freedom of speech, education, assembly, racial and gender equality – we execute them imperfectly but they are the right ideas. We have to communicate that in ways that get beyond ‘We have the right answer.’ Lay it out pragmatically: why it works. Because there are forces pushing against it.

Louis: Trump’s statements about NATO alarmed people, [yet] US deployed troops to Poland as part of NATO task force exercises. Is his rhetoric worse than reality?   

Stavridis: Candidate Trump said NATO was obsolete and he would consider pulling out altogether. Fortunately, on this subject, he [appears to have] listened to General Mattis, the Defense Secretary; General McMaster, National Security Adviser [so far], Secretary of State Rex Tillerson (oops). But on NATO, I am cautiously optimist he has gotten the message that NATO really works.

Nance: NATO is 28 nations, 52% of world’s GDP, 3 million troops under arms, 24,000 combat aircraft, 800 warships, 50 early warning aircraft – it is the richest, most powerful alliance in human history. US spends $600 billion/year on defense, the Europeans $300 billion. To put that into perspective, Russians spend $80 billion, Chinese $150 billion. We outspend in part because of our European allies – they should spend 2%, and are on track to do so in next 3-5 years. The alliance remains fundamental to US – it is pragmatic value for US to be in alliance.

Where did this idea come into Trump’s head that NATO wasn’t a good value, that US was connected to countries not paying their fair share? In November 2013, Trump went to Russia for the Miss Universe pageant and while he was there, he was brought to a private 2 hour meeting arranged by Aras Agalarov, [a billionaire Russian real estate mogul with ties to Putin] who funded the pageant, in a restaurant owned by Galaroff. [Trump] came out of that meeting spouting the Kremlin party line – anti-NATO, anti-globalization, anti European Union, anti treaties and alliances, believing that Russia is the premiere superpower. The only thing we don’t know is whether he believed it or whether some inducement got him to believe – he said it during campaign. Now he seems to have some change of view. NATO [which Admiral Stavridis once commanded] unilaterally evoked Article 5 after [the US was attacked on] 9/11 – for 10 years they gave their blood and treasure to defense of this nation. This is the single greatest force for good since world War II. Russia wants to do away with NATO – they call us Atlanticist, globalist – their philosopher Aleksandr Gelyevich Dugin [who holds fascist views] convinced Steve Bannon, almost the Goebels of the anti-democratic movement, goes around the world, trains, help foster other countries to believe the Atlantic alliance is the problem in the eastern and western hemisphere.

Stavridis: Why NATO matters: 1) The values we share. We will never see another pool of partners who have these values. It is no coincidence because [the Founding Fathers] got them from Europe, from the Enlightenment. 2) The geographic position of Europe matters – why we need those Cold War bases in Europe – those are forward operating stations in the global war on terror 3) It’s the economy and trade between US and the NATO countries.

Also, when I commanded 150,000 NATO troops in Afghanistan, the nation that lost the most on a per capita basis was Estonia. Number 2 was the Netherlands. The US was number 3. They were with us in that fight because we had been attacked on 9/11. This is an alliance that stands and delivers for us. (applause)

Louis: What does [Trump’s] firing of [Secretary of State Rex] Tillerson mean in the broader sense. Is it deliberate, a competence question, a larger crisis, an administration not executing?

Stavridis: When Secretary Tillerson got the job, I thought it was a good choice –a  global businessman, contacts all over the world, quiet, laconic, very serious Texan, tough minded. I thought it an interesting choice, it might turn out well. But Tillerson simply was not a very effective Secretary of State. He couldn’t gain real connectivity in the White House – in a state of constant chaos. How can you be Secretary of State for a president who one minute, says, ‘We will solve Korea with fire and fury like never seen – a preemptive declaration of war –and three months later, be ready to go and cut ‘the deal of the century’ – a defensible policy choices but not for same person. So to be Secretary of State trying to articulating that –the work of Sisyphus, boulder rolling down. As a result, morale in the State Department cratered, applications for foreign service are down 50% in the last 2 years. You don’t get that back –you  lose a generation if you can’t fill those slots, let alone, not filling crucial ambassadorships [including South Korea]. This is as bleak a moment for American diplomacy. A chaotic inexperienced White House that sadly doesn’t seem to be getting better in 14 months (feels like 14 yrs).

Malcolm Nance: “Trump thinks diplomacy is a big stick. His way of negotiating is threatening..A generation [of diplomats] is gone. Ben Franklin, Thomas Jefferson, John Adams –our first 3 ambassadors – must be spinning in their graves.”
Nance: It appears diplomacy has shifted over to war fighters. Trump thinks diplomacy is not speaking, thinks diplomacy is a big stick, and if everyone sees us as a big stick nation, there will be no communications. The acting Secretary of State is technically Ivanka Trump –Trump is using Ivanka and Jared as an alternate State Department because Trump doesn’t know what the state department is, what diplomacy is. His way of negotiating is threatening –he sees no value in the institution or maintaining. [He is defunding the State Department, institutes]. But the institutes (nongovernmental) are there to help foster democracy and republicanism within countries. They brought about change in countries that would otherwise become a dictatorship – gone. A generation [of diplomats] is gone. Ben Franklin, Thomas Jefferson, John Adams –our first 3 ambassadors – must be spinning in their graves.

Louis: Will the opening of US embassy in Jerusalem bring about a cataclysm?

Nance:  It could happen. What’s happening in Mideast – so much change, dynamics. You can even see in how the Israeli-Palestinian problem is pushed off – rise of Iran, Syria, Turks invading northern Syria and setting up against the entirety of Kurds (who we fund), Yemen. Palestine-Israel conflict is the ‘good ol days.’. When the deed is done, and US embassy is moved, Saudis may give head tilt to that. I don’t know if there will be another intifada – the strings were cut after the Iraq invasion.

Stavridis: These kinds of conflicts – religious with a geopolitical overlay – are very dug in, and go on and on. The really bad news is that in middle is our greatest friend and ally in the region, Israel.

What should we do? Four things: stand with Israel – (applause)- the reasons are pragmatic, values, all the same things that make us want to be in NATO, should energize our alliance with Israel – 2) Need to work closely with Sunnis (Saudi Arabia, Gulf States, Egypt, Jordan). The Saudis are giving head nod on the peace plan, drawing closer to Israel, willing to exchange information, intelligence, missile defense, early warning. Why? because both are concerned about Iran (which is Shi’a). We ought to understand the Iranian self-view: we think of them as mid-size power, they think of themselves as inheritors of the Persian Empire which 2000 years ago, dominated the region. That’s what they want to reconstruct. Working with Israel, alliances, better in cyber, insuring missile defense strong, stand with Israel.

Louis: How to address the humanitarian disaster in Syria, knowing Russia is smack in the middle?

Nance: We had the opportunity to crack this nut in 2012 after Assad’s chemical attack. I advocated then to destroy the Syrian air force utterly – that’s the strategic advantage Syria has over the allies. Then you have put Israel in powerful position; limits Iranian involvement (because they won’t have a runway to land), and gives opportunity to show Arab States here is a chance to use ground forces to do humanitarian intervention. Arab League, Egyptians, Jordanians, Saudis have enough forces to be in Damascus in 72 hours out of northern Jordan. But so long as Russia backed and Syria can resist, won’t do it.

Stavridis: We last saw a problem like Syria in the Balkans, 20 years ago: Yugoslavia blew up – forced migrations, 100,000s killed – like Mideast – Catholic Croatians, Orthodox Serbians and Muslim Bosnians – a religious war with geopolitical overtones that was ultimately solved by partition. Yugoslavia was  broken apart and created sub-states. That was imperfect but at the end of the day, that is what will happen in Syria – it is broken now, and won’t go back- that’s 3-5 years away.

Why is Iran in Syria? Iran wants a land bridge so it can move missiles and fighters from Tehran to Lebanon because that endangers Israel. That’s why we need to move to international solution that somewhat marginalizes Iranian influence – can do with leverage over Russia – the White House needs to get tough on Russia. 

Louis: China. The notion they now have a president for life there, with no mechanism to change leadership – if there are internal problems, if there is a falling out within society or economy or ideology in a bad place, what happens?

Stavridis: The good news is that China will continue to grow at 5%. If they do, the population will stay relatively quiescent. But China’s road gets rough in out years- demographics – an aging population, the imbalance between men and women created by the One-Child policy which led to killing baby girls. We’ve never seen a society as ill balanced. Plus, China’s environment is disaster, requiring billions if not trillions to remediate. The housing market is overheated (reminiscent of 2008 in US). With no democracy, there is no way to relieve the pressure. Xi will have smooth run for awhile, but it gets rough in 5-10 years. That’s when we should worry about Chinese foreign policy that is nationalistic, seeks to find a scapegoat outside, and look for conflict in South China Sea. (See the movie, “The Last Emperor,” about Puyi and read Robert Kaplan’s, Asia’s Cauldron”.)

Errol Louis: What is Putin’s end game? © Karen Rubin/news-photos-features.com

Louis: What is Putin’s end game?

Nance: Putin has imperial goals – Atlantic Alliance between Washington and European states has since WWII brought economic, cultural influences Russia cannot stand – They believe it has marginalized Russia’s limited economic power.  All the good that has come from NATO, the EU single market, the US flow of traffic across Atlantic does no benefit to Moscow. Putin realizes that 75% of Russians live in the European part (75% of land in Asia). He believes Russia should be the pole in which Europe should do trade – EurAsianism. He is ruling more like Czar Nicolas I – religious orthodoxy, nationalism, autocracy (while France was creating fraternity, liberty, equality). Russia is buying every conservative, neoNazi group in Europe – owned, lock stock and barrel by Moscow.

Last march, for the second time in American history, France saved democracy – had Marine Le Pen won, France would have withdrawn from NATO,broken up the European Union and aligned France with Moscow, bringing along everyone to Moscow.

Stavridis: Putin’s end game: H will be the dominant force in Russia until the day he dies, and Russians accept it. This is Russian custom, history, culture.  Read literature- Dostevsky, Pushkin – how Russians look at powerful male leaders. Sometimes they get a Peter the Great, the next time Ivan the Terrible; sometimes get Stalin, but then get a Gorbachev – they are willing to roll the dice. But the dice have landed on Putin, he will not give up power. We have to deal with this operative. I met Putin a couple of times. Bush Jr. met Putin and was completely taken –he said, ‘I looked into his eyes and saw his soul. We can work with Putin.’ McCain, a true war hero, met with Putin  and said, ‘I saw 3 letters: K-G-B.’ I think McCain got that one right – and that’s what we will deal with.”

Q&A

Is climate change a national security issue?

Stavridis: Climate change is a significant national security threat. Because of global warming, ice is melting in the Arctic, opening up shipping lanes and hydrocarbons, creating a great power competition – on one side is Russia, on the other side US, Canada, Iceland, Norway – they are all NATO; 2) Rising sea levels gradually affect our ports, our ability to operate in major naval bases and ports 3) Global warming will impact our ability to operate globally because of cost – we will have to mediate against environmental concerns, which will put downward pressure on defense budgets 4) What should worry us most is that as oceans heat up, photosynthesis is diminished affecting oxygen in the atmosphere. Vice President Gore called the Amazon the lungs of the earth; Nope, 70% of oxygen comes from photosynthesis in oceans, and we are abusing them. These are major national security concerns.

What if in the next few months Trump abrogates the Iran Nuclear Treaty?

Stavridis: I expect Trump to abrogate the Iran Nuclear Treaty. 1) That will have chilling effect on negotiations with North Korea – they are unlikely to enter into grand bargain having just witnessed the abrogation of the Iran treaty. 2) Iranians will almost immediately restart their nuclear program – they are probably in primed position to do so. 3) The treaty is not perfect but ending it will put Israel at greater risk because of re-energization of the Iranian nuclear program 4) Allies will be furious, it will put enormous strains on the NATO alliance, and probably not lead to European allies walking away, so US will become even more of an outlier. I wasn’t a fan initially – it isn’t a good/bad deal, it is a done deal, the best we could have at this point.

Nance: I spoke with a senior briefer at CIA who briefed Obama on the details that convinced Obama to sign the Iran Nuclear Treaty: The way the agency assessed, Iran was 6-12 months away from developing an atomic bomb, but with the treaty, Iran gave up all components, 90% of its enriched nuclear material and was pushed back 15 years We do not want a war with Iran. Why would we put ourselves in a position to give Iran the ability to have a nuclear weapon? There is no limit to the mischief that would create. And if [unleashed], Iran would go straight to North Korea with $ millions to buy a nuclear weapon.

Malcolm Nance, Errol Louis, Admiral James Stavridis and Rabbi Stephen S. Widom who hosts the Cultural Arts events at Temple Emanuel of Great Neck, Long Island © Karen Rubin/news-photos-features.com

How to solve the humanitarian disaster that is Syria?

Stavridis: A combination of defense, diplomacy, development – hard and soft power. [This was shown to work in Colombia, after a 60-year insurgency that destroyed the fabric of the country; and the Balkans.] You don’t have to choose hard or soft  power. So often, the long game is combination of all those tools – development, diplomacy and defense when need it – to get balance right, requires leadership. We are very good at launching missiles. We need to get better at launching ideas. We can do both. (Applause)

Nance: That’s smart power. We are a global force for good but have to be global force for diplomacy.

Considering the hollowing out of our diplomatic forces to the benefit of Putin, [possible collusion] in cyberwarfare, why is there reluctance to use the word ‘treason’ in regard to Trump?

Nance: There is a legal definition – Article 3 – to ‘treason.’ You literally have to be at declared war with an enemy and give aid and comfort to enemy. That is rarely invoked – we have sent people to prison for espionage, divulging secrets but the last time anyone was tried for treason was the Rosenbergs. I don’t think that word applies legally – from what we’ve seen.  Where the president violated his oath of office,  you can use ‘treason’ rhetorically if you feel betrayed, or ‘treachery’. I don’t think will be able to use ‘treason’ in legal sense . this investigation started as national counter intel – a spy hunt – still a hunt for citizens in direct communications with foreign intel officers.

What check is there on this president who many think is a madman, is the military prepared to step in and save democracy? 

Stavridis: ‘I solemnly swear to support and defend the Constitution against all enemies foreign and domestic – no expiration. The military isn’t going to step in and solve this. We have to solve this –at the ballot box. In 1840, Alexis de Toqueville wrote about this strange new phenomenon of democracy. He was largely laudatory, but the punch line: ‘the tragedy of democracy is that in the end you elect the government you deserve.’ We need to own this problem. No one will solve it for us. We need to get out in November, and again two years later, and we can solve this problem.

Nance: We have entered the greatest period of political activism – I believe it will even eclipse the Vietnam era – 1968. But since World War II, we have gotten fat and lazy and enjoy fruits of democracy.

We have guardrails – you have 246 days to solve part of this problem – but to do that you have to bring yourself and everyone who has not voted in last election.

The military is not designed for coup d’etat. We would really be a third world banana republic. But we can stop stupid – unlawful orders.

Emperor Xi. China building pipelines through Africa into the Stans, helping China, become #1 in world, developing 5G. How will that affect us?

Stavridis: China historically has not had global ambition, but 16 months ago, President Xi gave a “coming out speech” at Davos for China in the 21st century: One belt, one road philosophy – using economic power to further the interests of China. China just built its first overseas military base, at the Horn of Africa. China is on the move. When historians 300 years from how write about the 21st century, how that story comes out will be US and China and the rise of India. We need to be mindful of China, align with India, hold close our global allies, help develop this hemisphere to the south of US. That ought to be our strategy. And China should be top of the list to watch.

Nance: If this administration would understand strategy: China is brilliant. Go to sub-Saharan Africa –that used to be the land of the Land Rover, then Toyota, now you see Chinese Long March and Running Deer pick ups – they are $2000-$5000 but are everywhere. China is colonizing the sub-Sahara economically– buying whole sub-sections of countries to ship food to China. If China develops 5G cell telephone networks before the US gets it into Manhattan, China can export worldwide and own global communications. China is building wind plants, is now the world’s largest producer of solar panels (an industry we used to own). Without a strategy, where you think about where we are, where we will go and put together government resources to get there, we are dead in water. And that requires diplomats.

To what do you attribute Iran’s vitriolic hatred for Israel?

Nance:  Iranians love America –they are held down by an authoritarian regime using Islamic fundamentalism which the bottom 20% believe, not the people who used to run the country or could be, not the youth who all want what all in the Mideast want – a 2018 Toyota Corolla – they want trade, to be involved with world. Hatred for Israel is a schtick.  They don’t really care – they care about religion, family and to be left alone to do what they want. If they see a threat to Al Aksa mosque, they will respond. Palestinians smartest arabs in mide, most educated – everywhere but Palestine – if I were them, would work out public-private partnership to rebuild Palestine as moderate state, so don’t get Islamic cultism of ISIS. If that happens, will be zombie scene, walk into guns. Hopefully Saudi Arabia will focus away from ‘Death to Israel.’

What is impact of Erdogan of Turkey turning his back on western values toward Islamic fundamentalism?

Stavridis: President Erdogan, an authoritarian, is consolidating power rapidly, the most accelerated of all the authoritarian leaders in having taken his nation from functioning secular democracy to one man rule in 5 years. Extraordinary. The bad news is that Turkey is vital to Europe, to US. We need a stable western-looking Turkey – now drifting out of our orbit. We should pay attention, show respect, send high level missions, but behind closed doors, convince Erdogan the trajectory he is on will isolate his nation,. He will never have cozy relationship with Russia or Iran – that won’t work for Turkey. Turkey understands that at a fundamental level. We need to work with Europeans to exert pull on Turkey also. Turkey is more than a bridge (between Asia and Europe), it is a center of power – its population will exceed Russia’s. Turkey is on the move. We need to keep them in our orbit.

The intel community wanted the $120 million appropriated by Congress to fend off cyberattacks on our electoral system. Homeland security issued an alert that Russians already in our computers that run powerplants, and now could turn off electricity. What do we do about that?

Stavridis: We need to reveal more about what we know, to underpin the argument for retaliation –so we can be more aggressive in how we retaliate. We need better private-public cooperation. Government can’t solve this by itself – all our electric grids are intertwined. We have got to get government agencies working together on cyber – agriculture, interior – nobody is focused on cybersecurity.

Considering the rise of authoritarians, what happens If in the next 3 months, Trump fires Deputy Attorney General Rosenstein, and a new one fires Mueller. Will Trump be impeached? 

Nance: Trump won’t be impeached before November. But we have guardrails. John Dean said that the day after Nixon fired Watergate investigators, the rest were still at work, he just fired the leadership. If Trump fires [Deputy Attorney General Rosenstein] (and [Special Counsel Robert] Muller), he would have sealed his doom about obstruction of justice and the investigation will continue

Stavridis: I believe Congress, including enough Republicans, would respond – not impeach, but there would be a [Constitutional] crisis and the guardrails would kick in.

In the present nuclear environment, is the doctrine of mutually assured destruction still relevant?

Stavridis: Yes.

_____________________________

© 2018 News & Photo Features Syndicate, a division of Workstyles, Inc. All rights reserved. For editorial feature and photo information, go to www.news-photos-features.com, email editor@news-photos-features.com. Blogging at www.dailykos.com/blogs/NewsPhotosFeatures.  ‘Like’ us on facebook.com/NewsPhotoFeatures, Tweet @KarenBRubin

Obama Levels Sanctions at Russia in Response to Interfering in Election, Harassing Diplomats

Russian President Vladimir Putin, at the 2014 Olympics in Sochi. The US has evidence that Putin was directly involved in orchestrating cyber attacks and information dissemination intended to tilt the US election toward Donald Trump’s victory. Trump has dismissed the unified analysis of more than a dozen US intelligence agencies and has indicated he would be a close ally of Putin or as Hillary Clinton put it during the campaign, “Putin’s Puppet.”© 2016 Karen Rubin/news-photos-features.com
Russian President Vladimir Putin, at the 2014 Olympics in Sochi. The US has evidence that Putin was directly involved in orchestrating cyber attacks and information dissemination intended to tilt the US election toward Donald Trump’s victory. Trump has dismissed the unified analysis of more than a dozen US intelligence agencies and has indicated he would be a close ally of Putin or as Hillary Clinton put it during the campaign, “Putin’s Puppet.”© 2016 Karen Rubin/news-photos-features.com

By Karen Rubin, News & Photo Features

Today, President Obama authorized a number of actions in response to the Russian government’s aggressive harassment of U.S. officials and cyber operations aimed at the U.S. election in 2016.  “Russia’s cyber activities were intended to influence the election, erode faith in U.S. democratic institutions, sow doubt about the integrity of our electoral process, and undermine confidence in the institutions of the U.S. government.  These actions are unacceptable and will not be tolerated,” the White House stated.

“Today, I have ordered a number of actions in response to the Russian government’s aggressive harassment of U.S. officials and cyber operations aimed at the U.S. election,” President Obama stated . These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior.

“All Americans should be alarmed by Russia’s actions. In October, my Administration publicized our assessment that Russia took actions intended to interfere with the U.S. election process.  These data theft and disclosure activities could only have been directed by the highest levels of the Russian government. Moreover, our diplomats have experienced an unacceptable level of harassment in Moscow by Russian security services and police over the last year.  Such activities have consequences.  Today, I have ordered a number of actions in response.”

The President issued an executive order that expands upon his authority to respond to certain cyber activity that seeks to interfere with or undermine our election processes and institutions, or those of our allies or partners.

Using this new authority, Obama sanctioned nine entities and individuals:  the GRU and the FSB, two Russian intelligence services; four individual officers of the GRU; and three companies that provided material support to the GRU’s cyber operations.  In addition, the Secretary of the Treasury is designating two Russian individuals for using cyber-enabled means to cause misappropriation of funds and personal identifying information.  The State Department is also shutting down two Russian compounds, in Maryland and New York, that the government charges were being used by Russian personnel for intelligence-related purposes. Also, the State Department is declaring “persona non grata” 35 Russian intelligence operatives who will have to leave the US within 72 hours.

Finally, the Department of Homeland Security and the Federal Bureau of Investigation are releasing declassified technical information on Russian civilian and military intelligence service cyber activity –including the codes and IP addresses – to help network defenders in the United States and abroad identify, detect, and disrupt Russia’s global campaign of malicious cyber activities.

“These actions are not the sum total of our response to Russia’s aggressive activities,” the President added. “We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized. In addition to holding Russia accountable for what it has done, the United States and friends and allies around the world must work together to oppose Russia’s efforts to undermine established international norms of behavior, and interfere with democratic governance. To that end, my Administration will be providing a report to Congress in the coming days about Russia’s efforts to interfere in our election, as well as malicious cyber activity related to our election cycle in previous elections.”

As for the timeline, senior administration officials, answering journalists’ questions, stated:

“Our first priority was publicly disclosing the information – it was most important to make public what we knew – and we did that October 7. That was a unique if not unprecedented step to come out with the common view of US intelligence agencies that a foreign power was influencing our election. We also wanted to give warning directly to the Russians, in public and in private, numerous times, that we knew what they were doing and were preparing a response. We wanted them to absorb that message and have that affect their behavior. We were concerned about securing the election – and there is no evidence that the Russians tampered with the vote. The priority for our cybersecurity efforts was to make sure our election was secure. But the material that had been hacked and was being released – it was not like that genie could be put back in the bottle. We were putting this together in context with [hacked] information being shared, publicly released and reported on by the news media. We wanted to do [respond] as methodically as possible: what we could do with sanctions, with diplomats, with the Joint Analysis Report (JAR), and preparing other elements.”

They added that it takes considerable time to put together a package of sanctions – you need to have the evidence sufficient to stand up in court to justify the actions.

“Sanctions packages are time consuming – establishing the basis, then finding the target list. JAR itself is complex procedure as putting together info we can share publicly that provides the best possible guidance about what we know – and response to harassment [of our diplomats] is something focusing on for some time.”

The incoming administration, under Donald Trump, has dismissed the allegations. Trump stated that “we should just get on with our lives,” and signaled he would undo sanctions leveled against Putin, including the sanctions that were put into place after Russia annexed Crimea and engaged in hostilities intended to overthrow the Ukrainian government.

But the Administration officials, pointing to “flagrant violation of norms” that have also seen in interference in our election as well as a level of harassment of US diplomats in Russia – one even being assaulted by a Russian police officer – along with malicious cyber attacks that have been leveled against critical American infrastructure and American companies. to a level that is unprecedented during in the post-Cold War era and has been developing over a period of years,” threaten national security and democratic regimes.

“There is no debate in the US administration: it is a fact that Russia interfered in our democratic election. We have established that to our satisfaction. We would never expect Russia to acknowledge what they did, don’t do it; still deny they are interfering in Ukraine. We say to journalists, look at what they say and what they do. This is a country that has intervened in sovereign country even though can see – bombed civilians, but they deny it. It is not a ‘he said/she said’ situation.  There are facts.”

“We have one president at a time. President Obama will execute the duties of his office until January 20. He’s acting on what he believes is in best interest of the United States.”

There are any number of actions that we’re taking that will [fall to next administration]. .When a new administration takes office, entirely in their judgment a to whether to continue the course we set in number of areas.

“But Russian actions have been sustained over an extended period of time, and by any definition, are against our national interest, not just the interests of this president – harassment of our diplomats is a direct threat of ability of US to conduct diplomacy. Interference with our election is a pattern we see in other western democracies, including some of our closest allies. Malicious cyber targeting of American critical infrastructure would be of concern to future administrations.

“We know from our own consultations this is of concern to American business, and we would expect future administrations to be concerned about the impact on the American economy of Russian cyber activity.  We are taking these actions because of pattern of behavior of period of time, replicated in other countries. We believe is the right approach to take.

“We’re taking these actions consistent with our assessment of what Russia has done – they have been interfering in both the American democratic process and in the conduct of American diplomacy. That should concern all Americans and members of both parties – a sustained effort to both harass our diplomatic personnel and interfere in our democratic process. We have no reason to believe that Russia’s activities will cease – they have been engaged in malicious cyber activity not just here in the United States but in other democratic countries. One reason to sustain [these] activities is that there is every reason that Russia will continue to interfere… These are executive actions. If a future president decided to allow in Russian intelligence agents, reopen those diplomatic compounds that are being used for intelligence, that compromises US national security.”

Here are the details from the White House:

Sanctioning Malicious Russian Cyber Activity

In response to the threat to U.S. national security posed by Russian interference in our elections, the President has approved an amendment to Executive Order 13964.  As originally issued in April 2015, this Executive Order created a new, targeted authority for the U.S. government to respond more effectively to the most significant of cyber threats, particularly in situations where malicious cyber actors operate beyond the reach of existing authorities.  The original Executive Order focused on cyber-enabled malicious activities that:

  • Harm or significantly compromise the provision of services by entities in a critical infrastructure sector;
  • Significantly disrupt the availability of a computer or network of computers (for example, through a distributed denial-of-service attack); or
  • Cause a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain (for example, by stealing large quantities of credit card information, trade secrets, or sensitive information).

The increasing use of cyber-enabled means to undermine democratic processes at home and abroad, as exemplified by Russia’s recent activities, has made clear that a tool explicitly targeting attempts to interfere with elections is also warranted.  As such, the President has approved amending Executive Order 13964 to authorize sanctions on those who:

  • Tamper with, alter, or cause a misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions.

Using this new authority, the President has sanctioned nine entities and individuals:  two Russian intelligence services (the GRU and the FSB); four individual officers of the GRU; and three companies that provided material support to the GRU’s cyber operations.

  • The Main Intelligence Directorate (a.k.a. Glavnoe Razvedyvatel’noe Upravlenie) (a.k.a. GRU) is involved in external collection using human intelligence officers and a variety of technical tools, and is designated for tampering, altering, or causing a misappropriation of information with the purpose or effect of interfering with the 2016 U.S. election processes.
  • The Federal Security Service (a.k.a. Federalnaya Sluzhba Bezopasnosti) (a.k.a FSB) assisted the GRU in conducting the activities described above.
  • The three other entities include the Special Technology Center (a.k.a. STLC, Ltd. Special Technology Center St. Petersburg) assisted the GRU in conducting signals intelligence operations; Zorsecurity (a.k.a. Esage Lab) provided the GRU with technical research and development; and the Autonomous Noncommercial Organization “Professional Association of Designers of Data Processing Systems” (a.k.a. ANO PO KSI) provided specialized training to the GRU. 
  • Sanctioned individuals include Igor Valentinovich Korobov, the current Chief of the GRU; Sergey Aleksandrovich Gizunov, Deputy Chief of the GRU; Igor Olegovich Kostyukov, a First Deputy Chief of the GRU; and Vladimir Stepanovich Alexseyev, also a First Deputy Chief of the GRU.

In addition, the Department of the Treasury is designating two Russian individuals,Evgeniy Bogachev and Aleksey Belan, under a pre-existing portion of the Executive Order for using cyber-enabled means to cause misappropriation of funds and personal identifying information.

  • Evgeniy Mikhailovich Bogachev is designated today for having engaged in significant malicious cyber-enabled misappropriation of financial information for private financial gain.  Bogachev and his cybercriminal associates are responsible for the theft of over $100 million from U.S. financial institutions, Fortune 500 firms, universities, and government agencies.
  • Aleksey Alekseyevich Belan engaged in the significant malicious cyber-enabled misappropriation of personal identifiers for private financial gain.  Belan compromised the computer networks of at least three major United States-based e-commerce companies.

Responding to Russian Harassment of U.S. Personnel 

Over the past two years, harassment of our diplomatic personnel in Russia by security personnel and police has increased significantly and gone far beyond international diplomatic norms of behavior.  Other Western Embassies have reported similar concerns.  In response to this harassment, the President has authorized the following actions:

  • Today the State Department declared 35 Russian government officials from the Russian Embassy in Washington and the Russian Consulate in San Francisco “persona non grata.”  They were acting in a manner inconsistent with their diplomatic status. Those individuals and their families were given 72 hours to leave the United States.
  • In addition to this action, the Department of State has provided notice that as of noon on Friday, December 30, Russian access will be denied to two Russian government-owned compounds, one in Maryland and one in New York.

Raising Awareness About Russian Malicious Cyber Activity

The Department of Homeland Security and Federal Bureau of Investigation are releasing a Joint Analysis Report (JAR) that contains declassified technical information on Russian civilian and military intelligence services’ malicious cyber activity, to better help network defenders in the United States and abroad identify, detect, and disrupt Russia’s global campaign of malicious cyber activities.

  • The JAR includes information on computers around the world that Russian intelligence services have co-opted without the knowledge of their owners in order to conduct their malicious activity in a way that makes it difficult to trace back to Russia. In some cases, the cybersecurity community was aware of this infrastructure, in other cases, this information is newly declassified by the U.S. government.
  • The report also includes data that enables cybersecurity firms and other network defenders to identify certain malware that the Russian intelligence services use.  Network defenders can use this information to identify and block Russian malware, forcing the Russian intelligence services to re-engineer their malware.  This information is newly de-classified.
  • Finally, the JAR includes information on how Russian intelligence services typically conduct their activities.  This information can help network defenders better identify new tactics or techniques that a malicious actor might deploy or detect and disrupt an ongoing intrusion.

This information will allow network defenders to take specific steps that can often block new activity or disrupt on-going intrusions by Russian intelligence services.  DHS and FBI are encouraging security companies and private sector owners and operators to use this JAR and look back within their network traffic for signs of malicious activity. DHS and FBI are also encouraging security companies and private sector owners and operators to leverage these indicators in proactive defense efforts to block malicious cyber activity before it occurs. DHS has already added these indicators to their Automated Indicator Sharing service.

“Cyber threats pose one of the most serious economic and national security challenges the United States faces today.  For the last eight years, this Administration has pursued a comprehensive strategy to confront these threats.  And as we have demonstrated by these actions today, we intend to continue to employ the full range of authorities and tools, including diplomatic engagement, trade policy tools, and law enforcement mechanisms, to counter the threat posed by malicious cyber actors, regardless of their country of origin, to protect the national security of the United States,” the White House stated.

______________

© 2016 News & Photo Features Syndicate, a division of Workstyles, Inc. All rights reserved. For editorial feature and photo information, go to www.news-photos-features.com, email editor@news-photos-features.com. Blogging at  www.dailykos.com/blogs/NewsPhotosFeatures.  ‘Like’ us on facebook.com/NewsPhotoFeatures, Tweet @KarenBRubin

 

Obama: ‘Cybersecurity is One of the Greatest Challenges We Face as a Nation’

What role did Russia play in affecting the outcome of the 2016 Presidential Election?  President Obama is launching an investigation © 2016 Karen Rubin/news-photos-features.com
What role did Russia play in affecting the outcome of the 2016 Presidential Election? President Obama is launching an investigation © 2016 Karen Rubin/news-photos-features.com

President Barack Obama has just ordered intelligence agencies to review cyber attacks and foreign intervention into the 2016 election and deliver a report before he leaves office on Jan. 20, homeland security adviser Lisa Monaco said on Friday. Monaco told reporters the results of the report would be shared with lawmakers and others.

National intelligence agencies have indicated strong evidence that Russian state-actors, already implicated in the hacking of the Democratic National Committee and in election rolls in some states, intruded into the presidential election – a horrifying attack on American independence and democracy. Donald Trump, the beneficiary of the interference, has dismissed any notion that Russia was involved – particularly since it would have acknowledged that Russia preferred Trump to win – saying in one of the debates that it could just have easily have been a fat lady sitting on her bed. Trump has also refused to sit in on national security briefings. Cybersecurity has been a concern for this administration. Obama issued this statement on the Report of the Commission on Enhancing National Cybersecurity – Karen Rubin, News & Photo Features

In February of this year, I directed the creation of a nonpartisan Commission on Enhancing National Cybersecurity, charging it with assessing the current state of cybersecurity in our country and recommending bold, actionable steps that the government, private sector, and the nation as a whole can take to bolster cybersecurity in today’s digital world.  Yesterday, the members of the Commission – leaders from industry and academia, many with experience in government – provided their findings and recommendations to me.  And earlier today I met with the Commission’s Chair, Tom Donilon, to discuss how we as a country can build on the Commission’s work and enhance our cybersecurity over the coming years.  I want to thank the Commission members for their hard work and for their thoughtful and detailed recommendations.  I am confident that if we implement the Commission’s recommendations, our economy, critical infrastructure, and national security will be better equipped to thrive in the coming years.

The Commission’s report makes clear that cybersecurity is one of the greatest challenges we face as a nation.  That is why I have consistently made cybersecurity a top national security and economic security priority, reflected most recently by the Cybersecurity National Action Plan I announced in February and my 2017 Budget, which called for a more than 35 percent  increase in Federal cybersecurity resources.

During my Administration, we have executed a consistent strategy focused on three priorities:

  1. Raising the level of cybersecurity defenses in the public and private sectors;
  2. Deterring and disrupting malicious cyber activity aimed at the United States or its allies; and
  3. Effectively responding to and recovering from cybersecurity incidents when they occur.

To strengthen our cybersecurity defenses across the country, in 2013 we convened experts from industry, academia and civil society to create the National Institute of Standards and Technology (NIST) Cybersecurity Framework.  As the Commission notes, the Framework has become the gold standard for cybersecurity risk management, and I wholeheartedly support the Commission’s recommendations to expand its usage in the Federal government, the private sector, and abroad.  We encouraged the formation of information sharing and analysis organizations, worked with Congress to enact tailored liability protections for private sector entities that share threat information with the government, and took steps to automate information sharing.  As the Commission calls for, we launched public campaigns to promote cybersecurity awareness among consumers, including the “Lock Down Your Login” campaign encouraging consumers to better secure their identities online.  We have given consumers more tools to secure their financial future by assisting victims of identity theft, improved the government’s payment security, and accelerated the transition to next-generation payment security.  We have invested in cybersecurity research and development to lay the groundwork for stronger cyber defenses in the future.  And I have clarified the roles and responsibilities of Federal agencies in responding to significant cyber incidents by issuing a new directive codifying eight years of lessons learned from incident response.

To strengthen government cybersecurity, we created the first-ever federal Chief Information Security Officer and drove dramatic improvements in Federal agencies’ use of strong authentication and in critical vulnerability patching.  We have pushed to reduce the Federal government’s reliance on legacy technologies, proposing an innovative $3.1 billion fund to modernize costly and vulnerable information technology (IT) systems – a fund that the Commission proposes to expand.  We updated the guidance for Federal agency IT management, cybersecurity, and privacy, introducing the kind of coordination that the Commission calls for.  Agencies are increasingly centralizing their cybersecurity efforts and relying on the Department of Homeland Security (DHS) for shared services like vulnerability detection, network discovery and monitoring, intrusion detection and prevention, and cybersecurity assessments of high priority IT systems.  Consolidating DHS’ cybersecurity and infrastructure protection missions within a single DHS line agency – as my Administration has proposed, and as the Commission recommends – would further strengthen DHS’ ability to support Federal and critical infrastructure cybersecurity.  Finally, consistent with the Commission’s emphasis on improving the Nation’s cybersecurity workforce, my Administration has issued a comprehensive workforce strategy and has hired more than 6,000 new cybersecurity professionals in the Federal government in 2016 alone.

As the Commission recognizes, we have championed the application of international law to cyberspace; promoted voluntary international norms of state behavior during peacetime, securing over 30 countries’ commitment to these norms in the G20 and other international fora; and committed to confidence building measures to reduce escalation risk.  We have secured commitments from China and other nations to oppose cyber-enabled theft of intellectual property and business secrets for commercial gain, sought to modernize the Mutual Legal Assistance process, and submitted legislation to enable greater cross-border data sharing between law enforcement agencies – another effort the Commission strongly supports.  We have developed additional tools and cyber capabilities to deter and disrupt malicious cyber activity aimed at the United States.  Finally, we created the Cyber Threat Intelligence Integration Center to ensure that there is a single government-wide source for integrated intelligence assessments on cyber threats.

In total, the Commission’s recommendations affirm the course that this Administration has laid out, but make clear that there is much more to do and the next Administration, Congress, the private sector, and the general public need to build on this progress.  Deepening public-private cooperation will help us better protect critical infrastructure and respond to cyber incidents when they occur.  Expanding the use of strong authentication to improve identity management will make all of us more secure online.  Increasing investments in research and development will improve the security of products and technologies.  Investing in human capital, education, and the productivity of the cybersecurity workforce will ensure that this country’s best and brightest are helping us stay ahead of the cybersecurity curve.  Continuing to prioritize and coordinate cybersecurity efforts across the Federal government will ensure that this critical challenge remains a top national security priority.  And furthering the promotion of international norms of responsible state behavior will ensure that the global community is able to confront the ever-evolving threats we face.

The Commission’s recommendations are thoughtful and pragmatic. Accordingly, my Administration strongly supports the Commission’s work, and we will take additional action wherever possible to build on the work my Administration has already undertaken and to make progress on its new recommendations before the end of my term.  Importantly though, I believe that the next Administration and the next Congress can benefit from the Commission’s insights and should use the Commission’s recommendations as a guide.  I have asked the Commission to brief the President-Elect’s Transition Team at their earliest opportunity.  Further, we must provide sufficient resources to meet the critical cybersecurity challenges called out in the Commission’s report.  Before Congress adjourns for the year, it must act to fully fund the urgent cybersecurity needs that my Administration has identified in my 2017 Budget and elsewhere, investing in areas such as securing Federal information technology systems, protecting critical infrastructure, and investing in our cybersecurity workforce.

As the Commission’s report counsels, we have the opportunity to change the balance further in our favor in cyberspace – but only if we take additional bold action to do so.  My Administration has made considerable progress in this regard over the last eight years.  Now it is time for the next Administration to take up this charge and ensure that cyberspace can continue to be the driver for prosperity, innovation, and change – both in the United States and around the world.

Obama Administration Details New Cybersecurity National Action Plan

Indian Point Nuclear Plant: cyber attacks on utilities, power plants, nuclear facilities can be more lethal and disrupting than an invading army. The White House has just issued a fact sheet detailing its Cybersecurity National Action Plan © 2016 Karen Rubin/news-photos-features.com
Indian Point Nuclear Plant: cyber attacks on utilities, power plants, nuclear facilities can be more lethal and disrupting than an invading army. The White House has just issued a fact sheet detailing its Cybersecurity National Action Plan © 2016 Karen Rubin/news-photos-features.com

FACT SHEET: Cybersecurity National Action Plan

Taking bold actions to protect Americans in today’s digital world

The next War to End All Wars will likely be fought in cyberspace, rather than by invading armies. Cybersecurity is critical line of defense, but also raises issues of privacy – from government as well as criminals. The Obama Administration has just issued a Cybersecurity National Action Plan which, among other things, creates a Commission on Enhancing National Cybersecurity as well as a permanent Federal Privacy Council.  It includes expanding upon the President’s 2014 BuySecure Initiative to strengthen the security of consumer data. Here is a fact sheet from the White House detailing the Cybersecurity National Action Plan:

From the beginning of his Administration, the President has made it clear that cybersecurity is one of the most important challenges we face as a Nation, and for more than seven years he has acted comprehensively to confront that challenge.  Working together with Congress, we took another step forward in this effort in December with the passage of the Cybersecurity Act of 2015, which provides important tools necessary to strengthen the Nation’s cybersecurity, particularly by making it easier for private companies to share cyber threat information with each other and the Government.

But the President believes that more must be done – so that citizens have the tools they need to protect themselves, companies can defend their operations and information, and the Government does its part to protect the American people and the information they entrust to us.  That is why, today, the President is directing his Administration to implement a Cybersecurity National Action Plan (CNAP) that takes near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.

The Challenge

From buying products to running businesses to finding directions to communicating with the people we love, an online world has fundamentally reshaped our daily lives.  But just as the continually evolving digital age presents boundless opportunities for our economy, our businesses, and our people, it also presents a new generation of threats that we must adapt to meet.  Criminals, terrorists, and countries who wish to do us harm have all realized that attacking us online is often easier than attacking us in person.  As more and more sensitive data is stored online, the consequences of those attacks grow more significant each year.  Identity theft is now the fastest growing crime in America.  Our innovators and entrepreneurs have reinforced our global leadership and grown our economy, but with each new story of a high-profile company hacked or a neighbor defrauded, more Americans are left to wonder whether technology’s benefits could risk being outpaced by its costs.

The President believes that meeting these new threats is necessary and within our grasp.  But it requires a bold reassessment of the way we approach security in the digital age.  If we’re going to be connected, we need to be protected.  We need to join together—Government, businesses, and individuals—to sustain the spirit that has always made America great.  

Our Approach

That is why, today, the Administration is announcing a series of near-term actions to enhance cybersecurity capabilities within the Federal Government and across the country.  But given the complexity and seriousness of the issue, the President is also asking some of our Nation’s top strategic, business, and technical thinkers from outside of government to study and report on what more we can do to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.  Bold action is required to secure our digital society and keep America competitive in the global digital economy.

The President’s Cybersecurity National Action Plan (CNAP) is the capstone of more than seven years of determined effort by this Administration, building upon lessons learned from cybersecurity trends, threats, and intrusions.  This plan directs the Federal Government to take new action now and fosters the conditions required for long-term improvements in our approach to cybersecurity across the Federal Government, the private sector, and our personal lives.  Highlights of the CNAP include actions to:

  • Establish the “Commission on Enhancing National Cybersecurity.” This Commission will be comprised of top strategic, business, and technical thinkers from outside of Government – including members to be designated by the bi-partisan Congressional leadership.  The Commission will make recommendations on actions that can be taken over the next decade to strengthen cybersecurity in both the public and private sectors while protecting privacy; maintaining public safety and economic and national security; fostering discovery and development of new technical solutions; and bolstering partnerships between Federal, State, and local government and the private sector in the development, promotion and use of cybersecurity technologies, policies, and best practices.
  • Modernize Government IT and transform how the Government manages cybersecurity through the proposal of a $3.1 billion Information Technology Modernization Fund, which will enable the retirement, replacement, and modernization of legacy IT that is difficult to secure and expensive to maintain, as well as the formation of a new position – the Federal Chief Information Security Officer – to drive these changes across the Government.
  • Empower Americans to secure their online accounts by moving beyond just passwords and adding an extra layer of security.  By judiciously combining a strong password with additional factors, such as a fingerprint or a single use code delivered in a text message, Americans can make their accounts even more secure.  This focus on multi-factor authentication will be central to a newNational Cybersecurity Awareness Campaign launched by theNational Cyber Security Alliance designed to arm consumers with simple and actionable information to protect themselves in an increasingly digital world.  The National Cyber Security Alliance will partner with leading technology firms like Google, Facebook, DropBox, and Microsoft to make it easier for millions of users to secure their online accounts, and financial services companies such as MasterCard, Visa, PayPal, and Venmo thatare making transactions more secure.  In addition, the Federal Government will take steps to safeguard personal data in online transactions between citizens and the government, including through a new action plan to drive the Federal Government’s adoption and use of effective identity proofing and strong multi-factor authentication methods and a systematic review of where the Federal Government can reduce reliance on Social Security Numbers as an identifier of citizens.
  • Invest over $19 billion for cybersecurity as part of the President’s Fiscal Year (FY) 2017 Budget.  This represents a more than 35 percent increase from FY 2016 in overall Federal resources for cybersecurity, a necessary investment to secure our Nation in the future.

Through these actions, additional new steps outlined below, and other policy efforts spread across the Federal Government, the Administration has charted a course to enhance our long-term security and reinforce American leadership in developing the technologies that power the digital world.  

Commission on Enhancing National Cybersecurity

For over four decades, computer technology and the Internet have provided a strategic advantage to the United States, its citizens, and its allies.  But if fundamental cybersecurity and identity issues are not addressed, America’s reliance on digital infrastructure risks becoming a source of strategic liability.  To address these issues, we must diagnose and address the causes of cyber-vulnerabilities, and not just treat the symptoms.  Meeting this challenge will require a long-term, national commitment.

To conduct this review, the President is establishing the Commission on Enhancing National Cybersecurity, comprised of top strategic, business, and technical thinkers from outside of Government – including members to be designated by the bi-partisan Congressional leadership.  The Commission is tasked with making detailed recommendations on actions that can be taken over the next decade to enhance cybersecurity awareness and protections throughout the private sector and at all levels of Government, to protect privacy, to maintain public safety and economic and national security, and to empower Americans to take better control of their digital security.  The National Institute of Standards and Technology will provide the Commission with support to allow it to carry out its mission.  The Commission will report to the President with its specific findings and recommendations before the end of 2016, providing the country a roadmap for future actions that will build on the CNAP and protect our long-term security online. 

Raise the Level of Cybersecurity across the Country

While the Commission conducts this forward looking review, we will continue to raise the level of cybersecurity across the Nation.

Strengthen Federal Cybersecurity

The Federal Government has made significant progress in improving its cybersecurity capabilities, but more work remains.  To expand on that progress and address the longstanding, systemic challenges in Federal cybersecurity, we must re-examine our Government’s legacy approach to cybersecurity and information technology, which requires each agency to build and defend its own networks.  These actions build upon the foundation laid by the Cybersecurity Cross-Agency Priority Goalsand the 2015 Cybersecurity Strategy and Implementation Plan.

Ø  The President’s 2017 Budget proposes a $3.1 billion Information Technology Modernization Fund, as a down payment on the comprehensive overhaul that must be undertaken in the coming years.  This revolving fund will enable agencies to invest money up front and realize the return over time by retiring, replacing, or modernizing antiquated IT infrastructure, networks, and systems that are expensive to maintain, provide poor functionality, and are difficult to secure.

Ø  The Administration has created the position of Federal Chief Information Security Officer to drive cybersecurity policy, planning, and implementation across the Federal Government.  This is the first time that there will be a dedicated senior official who is solely focused on developing, managing, and coordinating cybersecurity strategy, policy, and operations across the entire Federal domain.

Ø  The Administration is requiring agencies to identify and prioritize their highest value and most at-risk IT assets and then take additional concrete steps to improve their security.

Ø  The Department of Homeland Security, the General Services Administration, and other Federal agencies will increase the availability of government-wide shared services for IT and cybersecurity, with the goal of taking each individual agency out of the business of building, owning, and operating their own IT when more efficient, effective, and secure options are available, as well as ensuring that individual agencies are not left on their own to defend themselves against the most sophisticated threats.

Ø  The Department of Homeland Security is enhancing Federal cybersecurity by expanding the EINSTEIN and Continuous Diagnostics and Mitigation programs.  The President’s 2017 Budget supports all Federal civilian agencies adopting these capabilities.

Ø  The Department of Homeland Security is dramatically increasing the number of Federal civilian cyber defense teams to a total of 48, by recruiting the best cybersecurity talent from across the Federal Government and private sector.  These standing teams will protect networks, systems, and data across the entire Federal Civilian Government by conducting penetration testing and proactively hunting for intruders, as well as providing incident response and security engineering expertise.

Ø  The Federal Government, through efforts such as the National Initiative for Cybersecurity Education, will enhance cybersecurity education and training nationwide and hire more cybersecurity experts to secure Federal agencies.  As part of the CNAP, the President’s Budget invests $62 million in cybersecurity personnel to:

o   Expand the Scholarship for Service program by establishing a CyberCorps Reserve program, which will offer scholarships for Americans who wish to obtain cybersecurity education and serve their country in the civilian Federal government;

o   Develop a Cybersecurity Core Curriculum that will ensure cybersecurity graduates who wish to join the Federal Government have the requisite knowledge and skills; and,

o   Strengthen the National Centers for Academic Excellence in Cybersecurity Program to increase the number of participating academic institutions and students, better support those institutions currently participating, increase the number of students studying cybersecurity at those institutions, and enhance student knowledge through program and curriculum evolution.

Ø  The President’s Budget takes additional steps to expand the cybersecurity workforce by:

o   Enhancing student loan forgiveness programs for cybersecurity experts joining the Federal workforce;

o   Catalyzing investment in cybersecurity education as part of a robust computer science curriculum through the President’s Computer Science for All Initiative.

Empower Individuals

The privacy and security of all Americans online in their daily lives is increasingly integral to our national security and our economy. The following new actions build on the President’s 2014 BuySecure Initiative to strengthen the security of consumer data.

Ø  The President is calling on Americans to move beyond just the password to leverage multiple factors of authentication when logging-in to online accounts.  Private companies, non-profits, and the Federal Government are working together to help more Americans stay safe online through a new public awareness campaign that focuses on broad adoption of multi-factor authentication.  Building off the Stop.Think.Connect. campaign and efforts stemming from the National Strategy for Trusted Identities in Cyberspace, the National Cyber Security Alliance will partner with leading technology companies and civil society to promote this effort and make it easier for millions of users to secure their accounts online.  This will support a broader effort to increase public awareness of the individual’s role in cybersecurity.

Ø  The Federal Government is accelerating adoption of strong multi-factor authentication and identity proofing for citizen-facing Federal Government digital services.  The General Services Administration will establish a new program that will better protect and secure the data and personal information of Americans as they interact with Federal Government services, including tax data and benefit information.

Ø  The Administration is conducting a systematic review of where the Federal Government can reduce its use of Social Security Numbers as an identifier of citizens. 

Ø  The Federal Trade Commission recently relaunchedIdentityTheft.Gov, to serve as a one-stop resource for victims to report identity theft, create a personal recovery plan, and print pre-filled letters and forms to send to credit bureaus, businesses, and debt collectors.

Ø  The Small Business Administration (SBA), partnering with the Federal Trade Commission, the National Institute of Standards and Technology (NIST), and the Department of Energy, will offercybersecurity training to reach over 1.4 million small businesses and small business stakeholders through 68 SBA District Offices, 9 NIST Manufacturing Extension Partnership Centers, and other regional networks across the country. 

Ø  The Administration is announcing new milestones in the President’s BuySecure Initiative to secure financial transactions.  As of today the Federal Government has supplied over 2.5 million more secure Chip-and-PIN payment cards, and transitioned to this new technology the entire fleet of card readers managed by the Department of the Treasury.  Through government and private-sector leadership, more secure chip cards have been issued in the United States than any other country in the world. 

Enhance Critical Infrastructure Security and Resilience

The national and economic security of the United States depends on the reliable functioning of the Nation’s critical infrastructure.  A continued partnership with the owners and operators of critical infrastructure will improve cybersecurity and enhance the Nation’s resiliency.  This work builds off the President’s previous cybersecurity focused Executive Orders on Critical Infrastructure (2013) and Information Sharing (2015).

Ø  The Department of Homeland Security, the Department of Commerce, and the Department of Energy are contributing resources and capabilities to establish a National Center for Cybersecurity Resilience where companies and sector-wide organizations can test the security of systems in a contained environment, such as by subjecting a replica electric grid to cyber-attack.

Ø  The Department of Homeland Security will double the number of cybersecurity advisors available to assist private sector organizations with in-person, customized cybersecurity assessments and implementation of best practices.

Ø  The Department of Homeland Security is collaborating with UL and other industry partners to develop a Cybersecurity Assurance Program to test and certify networked devices within the “Internet of Things,” whether they be refrigerators or medical infusion pumps, so that when you buy a new product, you can be sure that it has been certified to meet security standards.

Ø  The National Institute of Standards and Technology is soliciting feedback in order to inform further development of itsCybersecurity Framework for improving critical infrastructure cybersecurity.  This follows two years of adoption by organizations across the country and around the world.

Ø   Commerce Secretary Pritzker cut the ribbon on the new National Cybersecurity Center of Excellence, a public-private research and development partnership that will allow industry and government to work together to develop and deploy technical solutions for high-priority cybersecurity challenges and share those findings for the benefit of the broader community.

Ø  The Administration is calling on major health insurers and healthcare stakeholders to help them take new and significant steps to enhance their data stewardship practices and ensure that consumers can trust that their sensitive health data will be safe, secure, and available to guide clinical decision-making.

Secure Technology

Even as we work to improve our defenses today, we know the Nation must aggressively invest in the science, technology, tools, and infrastructure of the future to ensure that they are engineered with sustainable security in mind.

Ø  Today the Administration is releasing its 2016 Federal Cybersecurity Research and Development Strategic Plan.  This plan, which was called for in the 2014 Cybersecurity Enhancement Act, lays out strategic research and development goals for the Nation to advance cybersecurity technologies driven by the scientific evidence of efficacy and efficiency.

Ø  In addition, the Government will work with organizations such as the Linux Foundation’s Core Infrastructure Initiative to fund and secure commonly used internet “utilities” such as open-source software, protocols, and standards.  Just as our roads and bridges need regular repair and upkeep, so do the technical linkages that allow the information superhighway to flow.

Deter, Discourage, and Disrupt Malicious Activity in Cyberspace

Better securing our own digital infrastructure is only part of the solution.  We must lead the international effort in adopting principles of responsible state behavior, even while we take steps to deter and disrupt malicious activity.  We cannot pursue these goals alone – we must pursue them in concert with our allies and partners around the world.

Ø  In 2015, members of the G20 joined with the United States in affirming important norms, including the applicability of international law to cyberspace, the idea that states should not conduct the cyber-enabled theft of intellectual property for commercial gain, and in welcoming the report of a United Nations Group of Governmental Experts, which included a number of additional norms to promote international cooperation, prevent attacks on civilian critical infrastructure, and support computer emergency response teams providing reconstitution and mitigation services.  The Administration intends to institutionalize and implement these norms through further bilateral and multilateral commitments and confidence building measures.

Ø  The Department of Justice, including the Federal Bureau of Investigation, is increasing funding for cybersecurity-related activities by more than 23 percent to improve their capabilities to identify, disrupt, and apprehend malicious cyber actors.

Ø  U.S. Cyber Command is building a Cyber Mission Force of 133 teams assembled from 6,200 military, civilian, and contractor support personnel from across the military departments and defense components.  The Cyber Mission Force, which will be fully operational in 2018, is already employing capabilities in support of U.S. Government objectives across the spectrum of cyber operations.

Improve Cyber Incident Response

Even as we focus on preventing and deterring malicious cyber activity, we must also maintain resilience as events occur.  Over the past year, the country faced a wide array of intrusions, ranging from criminal activity to cyber espionage.  By applying lessons learned from past incidents we can improve management of future cyber incidents and enhance the country’s cyber-resilience.

Ø  By this spring, the Administration will publically release a policy for national cyber incident coordination and an accompanyingseverity methodology for evaluating cyber incidents so that government agencies and the private sector can communicate effectively and provide an appropriate and consistent level of response.

Protect the Privacy of Individuals

In coordination with the information technology and cybersecurity efforts above, the Administration has launched a groundbreaking effort to enhance how agencies across the Federal Government protect the privacy of individuals and their information.  Privacy has been core to our Nation from its inception, and in today’s digital age safeguarding privacy is more critical than ever. 

Ø  Today, the President signed an Executive Order that created a permanent Federal Privacy Council, which will bring together the privacy officials from across the Government to help ensure the implementation of more strategic and comprehensive Federal privacy guidelines.  Like cyber security, privacy must be effectively and continuously addressed as our nation embraces new technologies, promotes innovation, reaps the benefits of big data and defends against evolving threats.

Fund Cybersecurity

In order to implement these sweeping changes, the Federal Government will need to invest additional resources in its cybersecurity.  That is why the 2017 Budget allocates more than $19 billion for cybersecurity – a more than 35 percent increase over the 2016 enacted level.  These resources will enable agencies to raise their level of cybersecurity, help private sector organizations and individuals better protect themselves, disrupt and deter adversary activity, and respond more effectively to incidents.