Setting the global standard for online behavior, preserving American dominance, political and economic interests, punishing ‘malicious actors’ like Russia and China: these are the ambitious goals of the new US cyber-strategy.
The White House published the 40-page document on Thursday afternoon, the first comprehensive cyber strategy in 15 years. The strategy’s core assumption is that the US created the internet and that Washington must maintain the dominant role in defining, shaping and policing cyberspace in much the same way as it does the globe.
All strategies are but broad outlines of general measures and overall objectives, and this one is no different. Beyond merely defending US computer networks – that’s just the first part, devoted to protecting the “American People, the Homeland, and the American Way of Life” – it wants to promote US economic prosperity while advancing influence around the world and achieving “peace through strength” as well.
Just signed today, the National Cyber Strategy identifies steps to deter destabilizing activity, penalize malign behavior, and combat cybercrimes such as intellectual property theft. https://t.co/6CM638VKgy pic.twitter.com/bz7wjeI3J6
— The White House (@WhiteHouse) September 20, 2018
The Trump administration’s approach to cyberspace is “anchored by enduring American values, such as the belief in the power of individual liberty, free expression, free markets, and privacy,” the strategy says right at the start.
It also takes as an article of faith that Russia, China, Iran, and North Korea use “cyber tools to undermine our economy and democracy, steal our intellectual property, and sow discord in our democratic processes.”
Having signed on to this central assertion of Russiagate-peddlers, the Trump administration lays out the ways in which it intends to achieve its pie-in-the-(cyber)sky objectives.
‘Securing US democracy’
The Department of Homeland Security, a vast bureaucracy established after 9/11, is supposed to centralize management and oversight of federal computer networks, with the notable exceptions of those belonging to the Pentagon and the intelligence community. Reforms are supposed to make government networks more secure, reliable and efficient, while federal contracting will drive improvements in both products and services. This is the same process that has produced the F-35, a trillion-dollar clunker.
Those obsessed with seeing Russian hackers behind every voting machine might be interested in page nine, where the strategy proposes to “secure our democracy” by… offering training and risk management to state and local governments “when requested.” Admittedly, there isn’t much more the federal government can do to protect election systems, aside from securing the network infrastructure.
A particularly interesting tidbit here is also that law enforcement will “work with private industry to confront challenges presented by technological barriers, such as anonymization and encryption technologies” to obtain “time-sensitive evidence.” This is basically a rehash of former FBI Director James Comey’s perpetual refrain about the need for backdoor access to encrypted products and services.
The most (in)famous example of this was when the FBI took Apple to court over accessing the San Bernardino terrorist suspect’s iPhone, then hiring an Israeli company to crack the device, only to find… nothing of interest.
Privacy and civil rights advocates will be overjoyed to hear that Trump also wants to “update electronic surveillance and computer crime statutes” to make sure law enforcement can gather more evidence of cyber crimes and “impose appropriate consequences upon malicious cyber actors.”
‘Promoting American prosperity’
The second pillar talks a lot about the US government sponsoring innovation and creating jobs, but its key objective is to “promote the free flow of data across borders” (p.15). And if “repressive regimes” use US-made cybersecurity tools to “undermine human rights,” Washington will expose and counter them.
‘Preserving peace through strength’
Pillar three is where things get offensive – literally. Its objective is to “identify, counter, disrupt, degrade, and deter behavior in cyberspace that is destabilizing and contrary to national interests” while preserving US “overmatch.”
In addition to authorizing offensive cyber operations against suspected bad actors, the strategy proceeds from the assumption that the world craves US leadership, and envisions Washington promoting a “framework of responsible state behavior in cyberspace” based on international law and “voluntary non-binding norms.”
A coalition of like-minded states, led by the US would “coordinate and support each other’s responses to significant malicious cyber incidents.”
How? Well, through intelligence sharing, but also “buttressing of attribution claims, public statements of support for responsive actions taken, and joint imposition of consequences against malign actors.”
If that sounds a bit like what happened after the UK accused Russia, without evidence, of using a chemical agent to poison ex-spy Sergei Skripal and his daughter in Salisbury, and the US and other allies just took Whitehall’s word for it… that’s because it does.
‘Advancing US influence’
That leads us to the fourth and final pillar, advancing US influence around the globe. Accusing China not only of wanting to create a closed, censored internet by exporting that model elsewhere, the strategy envisions US evangelizing for a “free and open” internet.
Washington “will continue to work with like-minded countries, industry, civil society, and other stakeholders to advance human rights and Internet freedom globally and to counter authoritarian efforts to censor and influence Internet development,” the strategy says.