Why We Need a U.S. Cyber-War College

Posted by James McCarthy, Esq., Gianna Way • July 24, 2018
Topics: Cybersecurity

CyberwarNot long after our country was founded, the young Republic formed war colleges. West Point and Annapolis were founded on science curricula. They partnered with industry leaders and together they leveraged the technology of the day to arm and train our service members to defend our country.[1] Given the nature of new emerging threats, our nation may benefit from a new type of war college, a “cyber war college” that enlists today’s tech companies in the fight against a new and sophisticated enemy.

The U.S. Congress and Administration have referred to Russia’s interference in the 2016 elections as an “act of war.”[2] United States government agencies as well as U.S. industry and its citizens are under attack from myriad actors with each year’s attacks surpassing the number and frequency of the year before.  According to the FBI’s 2017 Internet Crime Report, US citizens reported over 1.4 million complaints in less than 5 years; Symantec estimates US consumer losses at $20 billion annually; and Microsoft quantifies global losses at $3 trillion each year.[3] In just one instance alone last year, over 143 million U.S. adults accounts including SS numbers, DOB and driver’s license numbers were exposed.[4] Following the indictments last week of twelve Russian intelligence officials, it is clear that even our nation’s most basic franchise, our right to vote, is vulnerable to attack.[5] MIT’s Technology Review expects more cyber physical attacks on electrical grids, transportation, and infrastructure and describes the continued “weaponization of AI” where tireless cyber-attackers are in a virtual arms race with security experts. [6] Our enemies have the capability to inflict crippling damage to our infrastructure and citizenry without ever launching a missile, dropping a payload of smart bombs, or pulling a trigger.  

At last year’s Inspire conference, hosted by Microsoft in Washington, D.C., Brad Smith engaged us in a round table discussion where we posed this query as to a cyber war college. Aside from an impressive command of military history, Brad’s answer made us think about how this new war will be fought and by whom. The technology community’s involvement in our nation’ security continues to be at the forefront of our industry and was raised again by both Brad Smith and Satya Nadella at this week’s Inspire conference in Las Vegas. Microsoft’s President made it clear that our nation’s cyber defense will be multi-sourced with the tech industry supplying a fair amount of this firepower. Microsoft’s own DCU (Digital Crime Unit) is composed of more than 3500 investigators, analysts, and lawyers whose mission is fighting global malware, reducing digital risk and protecting vulnerable populations.[7] While industry leaders have called for a new type of Geneva Convention, a “Digital Geneva Convention” that protects populations in time of war and peace from government cyber-attacks targeting another country’s citizens,[8] a national stratagem, is long overdue. 

To be sure, our intelligence agencies and military academies are deep into this training with curricula in cyber security/defense and the development and deployment of cyber weaponry.[9] Still, given the sheer amount of threats, a new type of “citizen soldier force” is needed today. A citizen soldier force that recognizes that some of our most talented tech resources may not be inclined to serve in the traditional sense by enlisting into the military. A citizen soldier force which can serve the country through their private employers in collaboration with our military.  A citizen soldier force trained at a national cyber war college learning the most advanced cyber defense techniques.

While a civilian cyber war college may be a new idea, we have parallels where social structure is turned on its end by calls to action when it comes to protecting this nation. The first citizen soldiers and militias from centuries ago evolved into our modern military.  In WWI, the first conscription law was passed requiring civilians to be “drafted” into service. Twenty years later, “Rosie the Riveter” personified the entry of a large percentage of women into our manufacturing workforce while their male counterparts served in WWII.  The difference today is that acts of war and combatants were clearer in last century’s wars than today and the fight is being brought to our front door rather than far away battlefields.  Tech firms are fast becoming the warriors on this new warfront and a new civilian cyber war college that leverages government resources with these tech companies’ skills may add a new effective layer of national defense.  

So, a new call to action to tap our nation’s strength, once again. Citizens trained by a national cyber war college to identify different types of enemies and fight these digital fights whenever and wherever they arise. Something to consider…

 

References:

[1]https://www.nps.gov/spar/learn/historyculture/index.htm Eli Whitney known best for his cotton gin also operated an armory for the US military, see https://www.eliwhitney.org/7/museum/eli-whitney/arms-production; Springfield Armory in Massachusetts secured the first arms contract from the White House and incorporated other tech visionaries like Whitney, Blanchard, and later Browning, Maynard & Spencer to name just a few who all contributed to the development of arms that were used to defend the United States in early conflicts.  See web references, https://www.military.com/army-birthday/history-of-us-army-weapons.html; https://www.range365.com/history-us-military-riflesd#page-7. For a comprehensive look at weaponry covering thousands of years see, The Illustrated History of Guns, Willis, Skyhorse Publishing, 2014.

 [2] Senator McCain referred to an act of war. See, https://www.reuters.com/article/us-usa-russia-cyber-mccain/senator-mccain-says-russia-must-pay-price-for-hacking-idUSKBN14J1LW; National Security Adviser John Bolton concurred using its Latin equivalent, casus belli. See, https://www.usatoday.com/story/news/world/2018/03/30/trumps-national-security-adviser-john-bolton-called-russian-meddling-act-war/471079002/; Note that US Army Chief of Staff Mark Milley cautioned as to use of phrase ‘act of war’ given that not all adversarial actions are tantamount to war and that once said, you need to consider a response. See,  https://www.washingtonexaminer.com/army-chief-of-staff-warns-be-careful-about-war-talk-with-russia/article/2617977.

 [3] See FBI 2017 report, https://pdf.ic3.gov/2017_IC3Report.pdf ; Symantec Norton Cyber Security Insights Report,   https://www.symantec.com/content/dam/symantec/docs/about/2017-ncsir-united-states-results-en.pdf ; and Microsoft Digital Crime Unit Fact Sheet https://news.microsoft.com/download/presskits/DCU/docs/dcuFS_160115.pdf.

[4] Equifax hack occurred in July 2017 and represented more than half of the adult US population based on US Census Bureau  statistics; https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html; and https://www.census.gov/prod/cen2010/briefs/c2010br-03.pdf.  Other Examples; 3 billion Yahoo accounts hacked and unexposed for years;  https://money.cnn.com/2017/12/18/technology/biggest-cyberattacks-of-the-year/index.html; Securities & Exchange Commission hacked; https://www.nytimes.com/2017/09/20/business/sec-hacking-attack.html

[5] https://www.justice.gov/opa/pr/grand-jury-indicts-thirteen-russian-individuals-and-three-russian-companies-scheme-interfere

[6] MIT Review Author Giles identifies effective tactics include automated spear phishing that create convincing fake messages to trick people and even the sophisticated security programs, “sandboxes” that are designed to spot these attacks, into installing malware or share sensitive data. https://www.technologyreview.com/s/609641/six-cyber-threats-to-really-worry-about-in-2018/.

[7] https://www.microsoft.com/en-us/trustcenter/security/cybercrime.

[8] https://blogs.microsoft.com/on-the-issues/2017/02/14/need-digital-geneva-convention/ .

[9] By way of example, FBI is the lead agency for investigating cyber attacks. See, https://www.fbi.gov/investigate/cyber. Department of Homeland Security (DHS) has 3 divisions for fighting cyber-crime: U.S. Secret Service, U.S Immigration and Customs Enforcement, and Law Enforcement Cyber Incident Reporting.  See, https://www.dhs.gov/topic/cybersecurityResearch. The CIA’s Directorate of Analysis and Directorate of Digital Innovation train operatives in the latest cyber tradecraft and IT security. See, https://www.cia.gov/offices-of-cia/digital-innovation.  West Point and the USNA offer its cadets and midshipmen advanced training in cyber security. See, https://www.usma.edu/CRC/SitePages/Home.aspx and https://www.usma.edu/CRC/SitePages/Home.aspx .  The US Army War College offers cyber operations courses. See, https://ssl.armywarcollege.edu/dde/curriculum.cfm.