Pursuing Security in Cyberspace: Strategic and Organizational Challenges

Orbis

Volumn 56, Issue 3, 2012, Pages 336-356

  Nielsen, Suzanne C ^a  

^a UNITED STATES MILITARY ACADEMY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84862646119     PISSN: 00304387     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.orbis.2012.05.004     Document Type: Article

References (68)

1. President Barack Obama, "Remarks by the President on Securing Our Nation's Critical Infrastructure," The White House Office of the Press Secretary, May 29, 2009, available at: http://www.whitehouse.gov/the-press-office/remarks-president-securing-our-nations-cyberinfrastructure.
2. Ashton B. Carter, "Keynote Address by Deputy Secretary of Defense Ashton Carter to the RSA Conference," San Francisco, California, Feb. 28, 2012, available at: http://www.defense.gov/Speeches/Speech.aspx?SpeechID=1655.
3. Conference," San Francisco, California, Feb. 28, 2012, available at: http://www.defense.gov/Speeches/Speech.aspx?SpeechID=1655. 3 See Mitch Walfrop, "DARPA and the Internet Revolution," in DARPA, 50 Years of Bridging the Gap (Washington, D.C.: Defense Advanced Research Project Agency, Apr. 2008), pp. 78-85.
4. Rain Ottis and Peeter Lorents, "Cyberspace: Definition and Implications, "in Proceedings of the 5th International Conference on Information Warfare and Security, Dayton, Ohio, Apr. 8-9, 2010 (Reading: Academic Publishing Limited, 2010), pp. 267-270, 2, 3, accessed at: http://www.ccdcoe.org/205.html.
5. David Moore, et al., "Inside the Slammer Worm," IEEE Security and rivacy, Vol 1, No 4 (2003), p.33.
6. Keith B. Alexander, "Statement of Commander, United States Cyber Command, before the House Committee on Armed Services" (Washington, DC: US Congress, Sept. 23, 2010), p. 3.
7. Security Summit 2010, Emerging Cyber Threats Report 2011 (Atlanta, GA: Georgia Tech Information Security Center, Oct. 7, 2010), p. 6.
8. Joseph S. Nye, Jr. Cyber Power (Cambridge, MA: Belfer Center for Science and International Affairs, May 2010), p. 3.
9. Statistics are drawn from the Miniwatts Marketing Group, available at: http://www.internetworldstats.com/.
10. I am grateful to Dennis Bartko for this insight.
11. This formulation is adapted from that presented in Henry H. Willis, et al., Estimating Terrorism Risk (Santa Monica, CA: RAND, 2005), xvi.
12. United States Computer Emergency Readiness Team, "Cyber Threat Source Descriptions," available at: http://www.us-cert.gov/control_systems/csthreats.html.
13. William J. Lynn, III, "Remarks on Cyber at the RSA Conference," San Francisco, California, Feb. 15, 2011, available at: http://www.defense.gov/Speeches/Speech.aspx?SpeechID=1535.
14. James R. Clapper, Statement for the Record on the Worldwide Threat Assessment of the US Intelligence Community for the House Permanent Select Committee on Intelligence (Washington, DC: Office of the Director of National Intelligence, Feb. 10, 2011), p. 28.
15. James R. Clapper, Unclassified Statement for the Record on the Worldwide Threat Assessment of the US Intelligence Community for the Senate Select Committee on Intelligence Washington, D.C.: Office of the Director of National Intelligence, Jan. 31, 2012), p. 7.
16. Security Summit 2010, Emerging Cyber Threats Report 2011, p. 3.
17. "Symantec Internet Security Threat Report: Trends for 2009," Symantec, Apr. 2010.
18. Office of the National Counterintelligence Executive, Foreign Spies Stealing U.S. Economic Secrets in Cyberspace (Washington, D.C.: Office of the National Counterintelligence Executive, Oct. 2011), p. i.
19. Dmitri Alperovitch, "Revealed: Operation Shady Rat," McAfee White Paper, 2011, p. 2.
20. "Significant Cyber Incidents Since 2006," Center for Strategic and International Studies, available at: http://dev.csis.org/files/publication/101021_Significant%20Cyber%20Incidents%20Since%202006.pdf.
21. Vice Admiral (Retired) John Michael McConnell, "The Cyber War Threat has been Grossly Exaggerated," Intelligence2 Debates, June 8, 2010, available at: http://intelligencesquaredus.org/wpcontent/uploads/Cyber-War-060810.pdf.
22. "Stock Selloff May Have Been Triggered by a Trader Error," CNBC.com with Reuters, May 6, 2010, available at: http://www.cnbc.com/id/36999483/Stock_Selloff_May_Have_Been_Triggered_by_a_Trader_Error.
23. Horn Leslie, "'Anonymous' Launches DDoS Attacks Against WikiLeaks Foes," PCMag.com, Dec. 8, 2010, available at: http://www.pcmag.com/article2/0,2817,2374023,00.asp.
24. Lynn, "Remarks on Cyber at the RSA Conference," p. 1.
25. Lance Whitney, "Cyber Command chief details threats to US," CNET News, Aug. 5, 2010, available at: http://news.cnet.com/8301-13639_3-20012774-42.html.
26. Security Summit 2010, Emerging Cyber Threats Report 2011, p. 8.
27. Robert S. Mueller, III, "Speech at the RSA Cyber Security Conference," San Francisco, CA, Mar. 1, 2012, available at: http://www.fbi.gov/news/speeches/combating-threats-in-the-cyber-world-..3
28. The White House, Cyberspace Policy Review, p. 1.
29. The White House, International Strategy for Cyberspace (Washington, D.C.: The White House, May 2011), p. 4
30. "Critical Infrastructure," Department of Homeland Security, accessed at: http://www.dhs.gov/files/programs/gc_1189168948944.shtm.
31. Department of Homeland Security, National Infrastructure Protection Plan (Washington, D.C.: Department of Homeland Security, 2009), p. 12.
32. Dennis C. Blair, Annual Threat Assessment of the US Intelligence Community for the Senate Select Committee on Intelligence (Washington, DC: Office of the Director of National Intelligence, Feb. 12, 2009), p. 38.
33. Security Summit 2010, Emerging Cyber Threats Report 2011, p. 8
34. Peter D. Gasper, "Cyber Threat to Critical Infrastructure 2010-2015: Increased Control System Exposure," Idaho National Laboratory, Sept. 24, 2008, available at: http://usacac.army.mil/cac2/cew/repository/presentations/15_Idaho_Natl_Lab_IACSCI_Threat_2010-2015.pdf.
35. Richard A. Clarke and Robert K. Knake, Cyber War: the Next Threat to National Security and What to Do About It (New York: Ecco, 2010), p. 169.
36. First Annual Cost of Cyber Crime Study: Benchmark Study of US Companies, Ponemon Institute, July 2010, p. 1, available at: http://www.riskandinsurancechalkboard.com/uploads/file/Ponemon%20Study%281%29.pdf.
37. "Chronology of Data Breaches: Security Breaches 2005-Present, Privacy Rights Clearinghouse, available at: http://www.privacyrights.org/data-breach#CP, as cited by David Z. Bodenheimer, Esq., "Statement Before the House Armed Services Committee's Subcommittee on Terrorism, Unconventional Threats and Capabilities Concerning Private Sector Perspectives on Department of Defense Information Technology and Cybersecurity Activities" (Washington, D.C.: U.S. Congress, Feb. 25, 2010), p. 4.
38. William F. Lynn III, "Defending a New Domain: The Pentagon's Cyberstrategy," Foreign Affairs, Sept./Oct. 2010, p. 98.
39. CSIS Commission on Cybersecurity for the 44th Presidency, Cybersecurity Two Years Later (Washington, DC: Center for Strategic and International Studies, Jan. 2011), p. 1.
40. Clarke and Knake, pp. 143-144.
41. CSIS Commission on Cybersecurity for the 44th Presidency, Cybersecurity Two Years Later, p. 5
42. "CyberCom: U.S. Lacks Online Situational Awareness," DefenseNews.com, June 3, 2010, available at: http://www.defensenews.com/story.php?i=4655216.
43. Lynn, "Defending a New Domain," p. 103.
44. Mary Ellen Callahan, "Privacy Impact Assessment for the Initiative Three Exercise," Department of Homeland Security, Mar. 18, 2010, available at: http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_nppd_initiative3exercise.pdf.
45. Lynn, "Defending a New Domain," p. 103.
46. General Keith Alexander, as cited in Whitney, "Cyber Command chief details threats to US"
47. Blair, Annual Threat Assessment of the US Intelligence Community for the Senate Select Committee on Intelligence, 2009, p. 40.
48. Lynn, "Defending a New Domain," pp. 104-105.
49. Executive Office of the President, Director of the Office of Management and the Budget, Memorandum for the Heads of Executive Departments and Agencies, "Clarifying Cybersecurity Responsibilities and Activities of the Executive Office of the President and the Department of Homeland Security (DHS)," July 6, 2010.
50. CSIS Commission on Cybersecurity for the 44th Presidency, Cybersecurity Two Years Later, especially pp. 7-8.
51. James Lewis, "Multilateral Agreements to Constrain Cyberconflict," Arms Control Today, June 2010, available at: http://www.armscontrol.org/act/2010_06/Lewis.
52. The discussion in this paragraph has been informed by and greatly benefitted from Martin C. Libicki, Cyberdeterrence and Cyberwar (Santa Monica, CA: RAND Project Air Force, 2009).
53. Alexander, "Statement of Commander, United States Cyber Command, before the House Committee on Armed Services," p. 5.
54. CSIS Commission on Cybersecurity for the 44th Presidency, Cybersecurity Two Years Later, p. 3.
55. James Q. Wilson, Bureaucracy: What Government Agencies Do and Why They Do It (New York: Basic Books, Inc., 1989), especially chapter 10.
56. Government Accountability Office, Critical Infrastructure Protection: Key Private and Public Cyber Expectations Need to be Consistently Addressed (Washington, DC: US Government Accountability Office, July 2010).
57. Memorandum of Agreement Between the Department of Homeland Security and the Department of Defense regarding Cybersecurity, Oct. 27, 2010, available at: http://www.dhs.gov/xlibrary/assets/20101013-dod-dhs-cyber-moa.pdf.
58. Eric Chabrow, "A Fleeting Idea: Department of Cyber," GovInfoSecurity.com, Feb. 16, 2011, available at: http://www.bankinfosecurity.com/articles.php?art_id=3359.
59. CSIS Commission on Cybersecurity for the 44th Presidency, Securing Cyberspace for the 44th Presidency, p. 35.
60. Alexander, "Statement of Commander, United States Cyber Command, before the House Committee on Armed Services," pp. 5-6.
61. Ibid., p. 1.
62. Wesley R. Andrues, "What US Cyber Command Must Do," Joint Force Quarterly 59, no. 4 (2010): pp. 116-117.
63. General Accountability Office, Defense Department Cyber Efforts: DOD Faces Challenges in its Cyber Activities (Washington, DC: General Accountability Office, July 2011).
64. Alexander, "Statement of Commander, United States Cyber Command, before the House Committee on Armed Services," p. 2.
65. Carl Builder, The Masks of War: American Military Styles in Strategy and Analysis (Baltimore, MD: The Johns Hopkins University Press, 1989).
66. "Operating in the Digital Domain: Organizing the Military Departments for Cyber Operations," Hearing of the House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities, Sept. 23, 2010.
67. James Gosler, cited in CSIS Commission on Cybersecurity for the 44th Presidency, A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters (Washington, DC: Center for Strategic & International Studies, July 2010), p. 1.
68. CSIS Commission on Cybersecurity for the 44th Presidency, Cybersecurity Two Years Later, especially p. 2.\