White House unveils new cyber security policy

President Trump’s National Cyber Strategy identifies bold new steps that the Federal Government will take to protect America from cyber threats and strengthen American capabilities in cyberspace.

Background

The National Cyber Security Policy is a policy framework by the Department of Homeland Security. It aims to protect the public and private infrastructure from cyber-attacks. The policy also intends to safeguard "information, such as personal information (of web users), financial and banking information and sovereign data".

The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Directorate for National Protection and Programs. Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Centre, the Federal Computer Incident Response Centre, and the National Communications System, the NCSD opened on June 6, 2003.

The NCSD mission is to collaborate with the private sector, government, military, and intelligence stakeholders to conduct risk assessments and mitigate vulnerabilities and threats to information technology assets and activities affecting the operation of the civilian government and private sector critical cyber infrastructures. In recent years, the United States has accused China of hacking into government personnel files, and Russia of using digital methods to influence the 2016 presidential election.

Analysis

The White House published a 40-page document on Thursday afternoon, the first comprehensive cyber strategy in 15 years. The strategy’s core assumption is that the US created the internet and that Washington must maintain the dominant role in defining, shaping and policing cyberspace in much the same way as it does the globe.

All strategies are just broad outlines of general measures and overall objectives, and this one is no different. Beyond merely defending US computer networks, it wants to promote US economic prosperity while advancing influence around the world and achieving “peace through strength” as well.

The Trump administration’s approach to cyberspace is “anchored by enduring American values, such as the belief in the power of individual liberty, free expression, free markets, and privacy,” the strategy says at the very beginning. It claims that Russia, China, Iran, and North Korea use “cyber tools to undermine our economy and democracy, steal our intellectual property, and sow discord in our democratic processes.”

The new policy also stipulates that law enforcement will “work with private industry to confront the challenges presented by technological barriers, such as anonymization and encryption technologies” to obtain “time-sensitive evidence.” This is basically a re-phrasing of the policy suggested by former FBI Director James Comey about the need for backdoor access to encrypted products and services.

The second pillar focuses on the US government sponsoring innovation and creating jobs, but its key objective is to “promote the free flow of data across borders” (p.15). And if “repressive regimes” use US-made cybersecurity tools to “undermine human rights,”, then Washington will expose and counter them.

Pillar three is where a broadening of powers is detailed. Its objective is to “identify, counter, disrupt, degrade, and deter behaviour in cyberspace that is destabilizing and contrary to national interests” while preserving the US “overmatch.”

The fourth and final pillar is the advancement of US influence around the globe. Accusing China not only of wanting to create a closed, censored internet by exporting that model elsewhere, the strategy envisions the US attempting to campaign for a “free and open” internet.

Counterpoint

As cyberspace does not have a definable boundary, it is extremely difficult to enforce national laws. The policy may be directed towards strengthening US cybersecurity infrastructure, however, it also focuses on mitigating foreign attacks which outlining any concrete steps to apprehend foreign hackers.

The recent case of the US Department of Justice charging a North Korean national for the WannaCry attacks is a perfect example of the government’s limited reach on cyber-crime. Additionally, critics have labelled this new policy as Washington’s attempt to seek global dominion over the internet. This criticism is valid as the Federal Communications Commission (FCC) earlier this year has repealed federal net neutrality laws, thereby greatly reducing the openness of the internet.

Assessment

Our assessment is that the US government is trying to broaden its influence in cyberspace by expanding the powers of its cyber-security infrastructure. Even though it is a policy issued to defend America’s cyberspace, it has a vast expansion of powers which could be disruptive for the free and fair usage of the internet. We believe that this policy will receive an affirmative vote from Congress very soon, as it covers their basic demand of greater authority over cyberspace. However, we also feel that the policy may be challenged in the Supreme Court as a potential threat to the fundamental constitutional rights of its citizens.