On the Use of Offensive Cyber Capabilities - Belfer Center for ...
notoriously wary of privacy infringement and distrustful of government monitoring. Despite the growing push by lawmakers for increased Internet monitoring by the Department of Homeland Security (DHS) 57, the need to respect individual privacy has remained of paramount concern. Defensive cyber operations, like the Department of Justice and FBI's takedown of the Coreflood botnet, which contained over 2 million infected systems, required extensive legal justification. 58 This reflects the domestic political sensitivity of government influence (or some may say intrusion) on private citizens' lives.

Additionally, there are interagency political issues that complicate uniform cyber policy. DHS has the responsibility to protect U.S. citizens within the borders, but the vast majority of cyber resources reside at NSA and DoD. A 2009 National Research Council (NRC) report suggests that military external cyber operations would have implications for other agencies' missions (including DoS and Treasury). 59 A consideration for policy makers, therefore, will be the facility in aligning these various interests.

Lastly, the authorization for the use of force constitutionally rests with Congress. Should an agency decide to engage in external cyber operations that could be considered a use of force, it may require Congressional approval. Achieving this politically (and expeditiously) may prove problematic. This suggests that the need exists for establishing pre-approved authority levels, and having a robust debate to establish norms for acceptable cyber action.

57 Though terrorist organizations have leveraged the power of social media, DHS has made it abundantly clear that they wish to protect individual privacy. They claim that current monitoring is in accordance with "defined parameters articulated in published department privacy guidelines." (Hosenball, 2012)

58 (James, 2011)

59 (National Research Council, 2009)