asymmetric threat 5_paper

Download Asymmetric threat 5_paper

Post on 23-Aug-2014



News & Politics

3 download

Embed Size (px)




  • D E A L I N G W I T H T O D A Y S A S Y M M E T R I C T H R E AT Cyber Threats to National Security SYMPOSIUM FIVE Keeping the Nations Industrial Base Safe From Cyber Threats
  • The Asymmetric Threat website ( includes downloadablereports from all symposia in both series and serves as a knowledge network toadvance the dialogue on national and global security, presenting resources andoriginal research, and providing a forum for review and discussion of pertinentthemes and events.SERIES ONESERIES TWO
  • UNCLASSIFIED Cyber Threats to National Security Symposium Five: Keeping the Nations Industrial Base Safe From Cyber Threats This document is intended only as a summary of the personal remarks made by participants at the March 1, 2011 symposium, Keeping the Nations Industrial Base Safe From Cyber Threats, held at the Carnegie Institution for Science, Washington, D.C., and co-sponsored by CACI International Inc (CACI), the U.S. Naval Institute (USNI), and the Center for Security Policy (CSP). It is published as a public service. It does not necessarily reflect the views of CACI, USNI, CSP, the U.S. government, or their officers and employees. The pro bono Asymmetric Threat symposia series was started in 2008 to contribute to the national discourse on the topic of asymmetric threats facing the United States. CACI and the National Defense University sponsored Symposium One in the series, and CACI and USNI sponsored Symposia Two and Three. With Symposium Four, also sponsored by CACI and USNI, a new Asymmetric Threat series was initiated focusing on Cyber Threats. With new sponsor CSP,Keeping the Nations Industrial Base Safe From Cyber Threats is the fifth symposium in the Asymmetric Threat series and the second in the Cyber Threat series. September 2011 2011 CACI International Inc UNCLASSIFIED H 1
  • UNCLASSIFIED Cyber Threats to National Security Symposium Five: Keeping the Nations Industrial Base Safe From Cyber ThreatsContentsExecutive Summary 31 Dimensions of the Cyber Threat 41.1 Vulnerabilities of the Industrial Base 51.1.1 Assurance and Attribution 51.1.2 Anonymity and Deterrence 71.1.3 Public Awareness and Understanding 71.1.4 Federal Policy and Responsibility 82 Assessing the Cyber and Insider Threat to the Industrial Base 112.1 The Realities of the Growing Cyber and Insider Threats 122.2 Keeping Pace With Change 142.2.1 Operational Flexibility 152.2.2Technologies 162.2.3 Into the Cloud: The End of the Perimeter Defense 162.2.4 Secure Information Sharing 173 Securing the Industrial Base 193.1 Private Sector and Citizen Understanding 193.2 Consensus on Privacy vs. National Security 193.3 Technical and Enforcement Tools 203.3.1 PKI the Next Generation of Assurance 213.4 An Educated Workforce 223.5 The Public-Private Partnership 233.6 International Agreements 254Recommendations 284.1 Defining Success 304.2Conclusion 31Glossary 32Acknowledgments 352 H UNCLASSIFIED 2011 CACI International Inc
  • UNCLASSIFIED Cyber Threats to National Security Symposium Five: Keeping the Nations Industrial Base Safe From Cyber ThreatsExecutive SummaryShortly after entering office, President Obama Against this ominous backdrop, the nations criticalunequivocally highlighted the safeguarding of infrastructure remains vulnerable to a vast array of cybercyberspace as a national security priority. Since then, attacks, crimes, and other activities inimical to U.S. nationalthe administration has cited significant progress in security objectives.cybersecurity, ensuring that Americans, our businesses,and our government are building better protections Cyber threats to industry emanate from numerous sources.against cyber threats.1 Recently, the administration These range from traditional external actors such as roguereleased its international strategy for cyberspace, a states, to highly sophisticated intruders posing an advancedmeasure the President described as the first time that persistent threat, to inside sources lurking within the mostour nation has laid out an approach that unifies our trusted circles of U.S government, industry and academia.engagement with international partners on the full Protecting the industrial base has been further hinderedrange of cyber issues.2 Though noteworthy, these by industrial migration into cloud computing and by theachievements have not abated the persisting imperative difficulty in ensuring that technological protections in thisto counter cyber threats systematically, comprehensively, area are sufficiently dynamic to counter the ever-morphingand aggressively. This paper examines that imperative cyber threat.through one critical prism: the industrial base. The challenge of securing cyberspace and protectingThe lengthening litany of recent cyber attacks against the industrial base against these threats is daunting, butU.S. infrastructure apparently of hostile origin not insurmountable. Success demands a strategy thatexposes the glaring vulnerabilities of this industrial couples agile, adaptive national security policies withbase. The critical research, production, marketing, and market incentives designed to spur private forging of thedistribution engines of Americas economy are at once technological shields and swords required to defeat avitalized by todays dizzying advances in technology technology-driven enemy.and information sharing and asymmetrically Any strategy to defeat the cyber threat and protect Americasthreatened by often anonymous individual and industrial base must be supported by flexible legislation thatstate actors who ride the same currents to infiltrate defines government roles and authorities while balancingincreasingly edgeless digital networks from within national security imperatives with personal privacy, and byand without. U.S.-led international agreements that establish norms andThe situation is further complicated by many enforce sanctions. If carried out among an aware citizenryAmericans idealized notions of cyberspace, as well as by federal officials who recognize private industrysthe difficulties in promulgating policies and legislation indispensable cybersecurity role, and a savvy, technologicallythat clearly assign roles and responsibilities to educated workforce, such an approach offers the U.S.particular government entities and keep pace with the the surest path to safeguarding its industrial base within aexponentially evolving cyber medium. cyberspace that remains more a bustling social and economic forum and marketplace than a battlefield.1 Fact Sheet: The Administrations Cybersecurity Accomplishments,May 12, 2011, President Barack H. Obama, International Strategy forCyberspace, May 2011, 2011 CACI International Inc UNCLASSIFIED H 3
  • UNCLASSIFIED Cyber Threats to National Security Symposium Five: Keeping the Nations Industrial Base Safe From Cyber Threats1 Dimensions of the Cyber ThreatThe scenarios that one can conjure to describe the scopeof todays cyber threat are chilling because they are bothsweepingly devastating and eminently plausible.The power blackout that brought lifes normal


View more >