Proposal: Enhance Cyber Security

Are you concerned about cyber security? Then explore how we can make the cyber realm more stable and secure for our families, businesses, and communities, while remaining consistent with our national values and maintaining our national interests.

The Issue

Problem Defined

Cyber has become the new conflict arena. It ranks as one of the greatest national security challenges facing the United States for three reasons. First, as the revelations about the National Security Agency’s (NSA’s) activities suggest, cyber offense has far outpaced cyber defense. Second, cyber capabilities are prevalent worldwide and increasingly are being used to achieve the strategic goals of nations and actors adverse to the United States. Third, it is highly unlikely that cyber espionage and other cyber intrusions will soon cease. While the NSA disclosures focus on the United States and the United Kingdom, there is little doubt that China, Russia, Iran, North Korea and others are engaged in significant cyber activities. The fundamental question is whether the cyber realm can, consistent with the national interest, be made more stable and secure.

Background
1.
Cybersecurity is crucial to the United States and its allies, but there is no silver bullet.

 To achieve the necessary degree of security, it is imperative to reject a defense-only cyber strategy and embrace a hybrid strategy that relies not only on defense but also on tailored deterrence to reduce overall cyber risk. This proposal recommends simultaneously raising the costs to cyber offenders; increasing the private sector’s ability to complement the government’s efforts to achieve security; and developing standards and other approaches that focus on resilience as well as protection, take into account the international nature of cyber, and simultaneously are fair to companies on whom additional burdens are placed. Through the targeted actions described, all of these goals can be achieved and a more secure cyberspace created.

2.
Certified Entities and Active Defense

For over a decade, the cornerstone of US cybersecurity policy has been vulnerability mitigation—strengthening cyber defenses to reduce vulnerability to attack. But there is a growing understanding that defense—particularly in the face of concerted adversaries focused on a specific target—will be most successful if it includes “active” components that serve a deterrent function, beyond passive protection alone.

3.
Focused Standards for Protection and Resilience—Electric Grid and Finance

Cyber standards also have a potentially important role to play in the proposed hybrid model of cybersecurity. Cyber standards could be of significant value if clearly delineated and made mandatory in limited sectors where the public interest is very substantial. Standards should focus not only on protection, but also on resilience, since it cannot be assumed that networks will not be penetrated. Resilience, by denying the benefits of an attack, would have deterrent impact, as would stronger defenses in the arenas where an adversary could potentially create the most harm to the nation. In the cyber arena, most firms’ evaluation of risks generally coincides with the national risk. However, in the case of critical infrastructures that is not the case. For example, the harm from the loss of power, especially for an extended time, goes far beyond one firm’s loss. 

4.
Like-Minded Nations

The Internet is structurally and operationally international, and it would seem to follow that cybersecurity would be enhanced through cooperation among like-minded nations. There have already been some steps, including the Budapest Convention, which is focused on cyber-crime; some coordination through military and other security arrangements such as in NATO; and other discussions such as in the Association of South-East Asian Nations (ASEAN) Regional Forum (ARF), the Asia-Pacific Economic Cooperation Organization (APEC), and the Organization for Economic Cooperation and Development (OECD).

5.
Privacy

There are clear differences in approach to privacy and civil liberties in the transatlantic context and, more generally, among the United States and its allies. Those considerations need to be dealt with, and while our recommendations do not implicate personal privacy in most instances, data privacy may come into play to the extent that Internet Service Providers (ISPs) and/or private cybersecurity providers in the course of network monitoring collect data that could be considered personally identifiable information.

6.
Cyber Sanctions

The United States has long utilized sanctions against individuals, entities, and countries in pursuit of counterterrorism, nonproliferation, and other policies. Cyber sanctions could be used in a comparable fashion to meet the growing challenge of cyber industrial espionage. Cyber sanctions will deter cyber espionage by raising costs, or the threat thereof, and therefore are essential to the broader cybersecurity strategy recommended in this proposal.

Go deeper
3.
Quadrennial Defense Review Report

U.S. Department of Defense - Quadrennial Defense Review (2006)

http://www.defense.gov/qdr/report/Report20060203.pdf

The QDR discussed a “shift from a ‘one size fits all’ notion of deterrence toward more tailorable approaches appropriate for advanced military competitors, regional WMD states, as well as nonstate terrorist networks.”

Expert Authors

THE ATLANTIC COUNCIL is a 501(c)3 organization that promotes constructive leadership and engagement in international affairs based on the Atlantic Community's central role in meeting global challenges. Founded in 1961, the Council provides an essential forum for navigating the dramatic economic and political changes defining the twenty-first century by informing and galvanizing its uniquely influential network of global leaders. Through the papers we write, the ideas we generate, and the communities we build, the Council shapes policy choices and strategies to create a more secure and prosperous world.

Franklin Kramer

The Honorable Franklin D. Kramer is a national security and international affairs expert, and has multiple appointments, including as a member of the Atlantic Council Board of Directors and also a member of its Strategic Advisors Group.

Kramer has been a senior political appointee in two administrations, including as assistant secretary of defense for international security affairs for President Clinton, Secretary Perry, and Secretary Cohen; and as principal deputy assistant secretary of defense for international security affairs.

In the nonprofit world, Kramer is a distinguished fellow at CNA, which operates the Center for Naval Analysis and the Institute for Public Research; is chairman of the board of the World Affairs Council of Washington, DC; is a capstone professor at the Elliott School of International Affairs at The George Washington University; and has been a distinguished research fellow at the Center for Technology and National Security Policy of the National Defense University. In the private sector, Kramer is a director and consultant and has been a partner at the law firm of Shea and Gardner.

Among his current activities, Kramer is the principal editor and has written several chapters for the book Cyberpower and National Security, led the study on and is the principal author of Civil Power in Irregular Conflict, and is the coauthor and was co-project director of Transatlantic Cooperation for Sustainable Energy Security. At The George Washington University, he teaches a course entitled "The Department of Defense and Winning Modern War." He has written numerous articles on international affairs.

Kramer received a BA cum laude from Yale University and a JD magna cum laude from Harvard Law School.

Melanie Teplinsky
Columnist - Christian Science Monitor

Melanie Teplinsky has written and spoken extensively on cyberlaw issues. Prior to joining American University Washington College of Law as an adjunct professor, Teplinsky practiced cyberlaw at Steptoe & Johnson LLP, where she counseled leading financial services, telecommunications, and other multinational clients on a wide array of issues including cybersecurity, data protection, and electronic surveillance. She has worked on information technology policy in the Executive Office of the President, dividing her time between OMB's Office of Information and Regulatory Affairs, Information Technology Branch and the Office of Science and Technology Policy. Teplinsky began her career in 1991 as an analyst at the National Security Agency (NSA) and continued her technical work at the Institute for Defense Analyses' Center for Communications Research, a federally-funded research and development center supporting NSA's mission.

The Solution

Proposed Recommendations
1.
Cyber Sanctions

Authorize both governmentally imposed sanctions for cyber espionage and civil remedies, including treble damages and forfeiture, in order to deter cyber threat actors by imposing costs, or the threat thereof. 

Cyber sanctions would have three critical benefits to the United States. First, they would raise the cost to malicious hackers. Second, they would send a strong geopolitical signal to countries that encourage or actively support malicious hacking. Third, if done properly, they could authorize and encourage private initiatives, which would then supplement the government’s capability to respond to malicious hacking. Sanctions could be of two types. They could be governmental, akin to nonproliferation or counterterrorism sanctions, or they could provide civil remedies, which would be a new approach.

2.
Certified Active Defense

Authorize a limited number of certified private entities to work with government to take active defense measures focused on attribution, initially to protect critical information within the defense industrial base. Active defense measures directed toward attribution will deter adversaries by raising the costs and risks associated with cyber espionage.

3.
Focused Standards for Protection and Resilience—Electric Grid and Finance

Reduce critical infrastructure vulnerability and enhance resilience by developing differentiated mandatory standards, initially for the most critical electric power and financial companies. Reducing vulnerability bolsters our defenses and increasing resilience enhances deterrence by mitigating the consequences of any successful intrusions.

4.
Agreement Among Like-minded Nations

Expand protection against espionage and critical infrastructure vulnerability via agreement among like-minded nations. Common international approaches can extend and amplify deterrent effects and could be achieved initially through agreement among the United States, Australia, Canada, France, Germany, Japan, the Republic of Korea, the United Kingdom, and perhaps the European Union, to create a Cyber Stability Board.

5.
Pilot Approach

Because several of these recommendations involve new approaches, this paper proposes that they be undertaken on a pilot-program, or other limited basis, which can be evaluated and expanded if proven effective and desirable.

To maximize their effectiveness, these recommendations can and should be implemented in tandem while maintaining the United States’ drive for an open Internet and its commitment both to preserve and enhance personal privacy and to protect civil liberties. None of the recommendations above implicates any of the programs made public in the recent revelations of the activities of the National Security Agency (NSA), but privacy and civil liberty considerations should still be reviewed in connection with their adoption and implementation.

Expected Results
1.

Help modernize U.S. cybersecurity policy

2.

Protect national interests from malicious hackers

3.

Enable the development of the internet without the influence of political entities

Budget
Budget Impact

$$

Net Present Value

$$

The Conversation

Anonymous
Michael DeSanto
Customer Service Agent
a year ago
Are they good or bad for America?
Othman Lanizi
Front End Developer
a year ago
That's a good question!
NSA
Michael DeSanto
Customer Service Agent
a year ago
What's going on with this?
Surveillance
Michael DeSanto
Customer Service Agent
a year ago
Surveillance
Government Surveillance
Michael DeSanto
Customer Service Agent
a year ago
Government Surveillance
