By Nicolas Aalberg
Department of Justice and National Intelligence Center reports on active cyber measures (ACMs) carried out by U.S. adversaries on social media display a staggering manipulation of American conversations, journalism, and electoral processes. Unlike Cold War active measures conducted through human intelligence (HUMINT) operations, creating or manipulating an online intelligence asset requires exponentially fewer resources and yields results with far greater scale. However, the U.S. responded to Cold War active measures through defensive counterintelligence and misinformation-debunking programs and through offensive, active HUMINT deterrents, and that same strategy can be used to combat ACMs today.
The Intelligence Community (IC) must work defensively using signals intelligence (SIGINT) and open-source intelligence (OSINT) to detect and neutralize enemy social media accounts, and Congress must create a bipartisan committee (the “Committee”) to communicate declassified information to the American public to expose manipulation of online conversations. At the same time, USCYBERCOM and CIA must work in tandem offensively through a new blend of cyber warfare and HUMINT to deter ACM proliferation and respond in kind, and once again set global military and intelligence standards on U.S. terms.
I. Defensive Posture: Congress Must Create a Bipartisan Committee to Counter Active Cyber Measures
Given that U.S. adversaries are successfully laying siege to the fabric of American political conversations, the U.S. needs to adopt a Cold War-era defensive posture consisting of counterintelligence efforts and increased transparency with the electorate about manipulated conversations. Historically, CIA has collaborated with FBI on counterintelligence efforts to remove compromised and planted HUMINT assets. NSA, CIA, and the Office of the Director of National Intelligence (ODNI) must similarly identify active personas and botnets through a combination of SIGINT and OSINT and collaborate with the social media industry to remove these accounts.
Continue reading Active Cyber Measures: Reviving Cold War Debunking and Deterrence Strategy
The next generation of mobile broadband, 5G, is emerging as a major area of competition between the United States and China. 5G technology promises vast improvements not only to the speed of commercial cellular connections, but also to governments’ intelligence, surveillance, and reconnaissance capabilities. Leadership in the development of 5G technology has thus been deemed critical to U.S. national security and global economic competitiveness.
5G competition is often judged by the number of patents in a given country’s standard essential patent (“SEP”) portfolio. This metric, David J. Kappos argues, is a misleading and unreliable guide to assessing the state of global 5G competition. Rather than focusing on the quantity of 5G patents in an SEP portfolio, it would be more useful to examine the quality of SEP portfolios. These assessments must be made by trained professionals capable of discerning the strength of each individual patent by comparing patent claims to the required specifications of the 5G standard. Developing reliably accurate assessments of SEP portfolios will be critical both for future 5G investment and for U.S. national security.
Most scholars who have tackled the internet “kill switch” subject come to a rather hasty conclusion that the President has the authority to shut down the internet under his emergency powers by invoking section 706 of the Communications Act of 1934 (codified as 47 U.S.C. § 606).
Over the years, this supposition has been debated on the fringes. Laura B. West’s article adds to that debate, brings it front and center, and argues that the current legal authorities are wholly inadequate to address the possible need to quarantine, isolate, or shutdown computers or portions of the internet or networks within the United States in a time of emergency caused by a massive cyber-attack.
Even if current domestic authorities can withstand the policy and legal scrutiny, the uncertainty and potency surrounding such authorities is surely enough to warrant new legislation that can provide “clear guidance and an enhanced ability to rapidly execute national level decisions for response options to sophisticated attack.” Accordingly, the time is now to rethink executive cyber emergency powers before there is a true need to build cyber walls.