The American cybersecurity agenda has experienced an unprecedented push in 2015. Due to recent cyber attacks on major commercial and governmental networks, the Obama administration has recognised the urgency of prioritising cybersecurity on the national security agenda. This appeal indicates a larger movement to considerably increase American cyberpower, which can be understood as, ‘producing preferred outcomes’ both within and outside of cyberspace.
Early evidence of this emerging cyberpower campaign can be found in broader discussions of the United States’ strategic interests, including the State of the Union and the 2015 National Security Strategy (NSS). The Administration’s commitment to strengthening cybersecurity has since culminated in several initiatives, particularly the White House Summit on Cybersecurity and Consumer Protection, and its subsequent creation of the Cyber Threat Intelligence Center and Executive Order 13691; ‘Promoting Private Sector Cybersecurity Information Sharing.’ Within each of these contexts, the Administration’s message has been clear: Congress must pass legislation to strengthen American cybersecurity. Fortunately bipartisan support for strengthening cybersecurity as well as proposed legislation, including the Cyber Threat Intelligence Sharing Act and upcoming bill from the Senate Intelligence Committee, indicate encouraging prospects for the passage of cybersecurity legislation.
These recent developments represent a necessary step in preventing future cyber attacks. The role of information sharing, or ‘cyber sharing’, between public and private sectors could not be more central to achieving this goal. Cyber sharing represents a very critical aspect in cyberpolitics, as much of the Internet’s infrastructure is owned by the private sector. Two-way cyber sharing between the public and private sectors minimises future attacks on the same firm or its competitors. Obama’s Executive Order on information sharing addresses the legal barriers that have previously dissuaded companies from participating. With the growing number of attacks on significant public and private sector networks, including Anthem Healthcare, Target, Sony Pictures and the State Department, cyber sharing presents a potential tool to prevent future security breaches. Furthermore, these new initiatives emphasise that cybersecurity legislation and partnerships can no longer go ignored.
Despite the general bipartisan consensus to pass cybersecurity legislation, some rhetoric used to promote these measures continues to echo former Defense Secretary Leon Panetta of a future ‘cyber Pearl Harbor’ or ‘cyber Armageddon.’ Senate Homeland Security Committee Chairman Ron Johnson, a major proponent of aggressive cybersecurity legislation, even warned that a major cyber attack ‘could put American lives, and our very way of life, at risk.’ Such language evoking an existential risk not only overstates the threat, but also creates a climate of fear. This element of fear is particularly problematic, as it may pave the way for more exceptional measures to be enacted.
In the context of information-sharing legislation, both private companies in Silicon Valley and privacy advocates remain cautious of the proposals due to online data privacy concerns following the surveillance programs revealed in the Snowden leak. As many of the private corporations provide services to foreigners abroad, their clients are not covered by the same protection rights as those of Americans. Consequently, many private companies may not opt into the information sharing programs created in Obama’s Executive Order until the National Security Agency’s (NSA) surveillance program is reformed. Before 1 June, Congress must approve, replace, or let expire the portion of the Patriot Act under which the program is authorised.
If the atmosphere of fear surrounding cyber attacks has been used to set the stage for exceptional measures, the United States may be seeking to demonstrate cyberpower within cyberspace. In regards to cyber sharing measures, projecting cyberpower would allow the United States to produce the ‘preferred outcome’ of maximum protection against cyber threats. Officials continue to warn against the expiration of the NSA surveillance program, as they argue its termination would pose a significant challenge to national security. Thus by falling back on existential rhetoric, some politicians hope to promote greater access to information in cyberspace by legitimising information sharing prior to a decision on the NSA surveillance program.
The recent cybersecurity agenda can be understood as an attempt at conveying cyberpower outside of cyberspace as well. The Obama Administration’s 2015 NSS stresses: ‘As the birthplace of the Internet, the United States has a special responsibility to lead a networked world.’ This role requires promoting international cyber norms of ‘intellectual property, online freedom and respect for civilian infrastructure.’ Situating the United States as a leader in Internet conduct is becoming increasingly important as the current contract of the Internet Corporation for Assigned Names and Numbers (ICANN) expires 30 September 2015. Since 1998, the United States Department of Commerce has subcontracted the authority to oversee the Internet’s assigned IP addresses and domain names to ICANN. Although this responsibility will no longer be directly under the supervision of the United States, the transfer of the authority to an international body will not take place unless specific guidelines are met. Thus by confirming the United States’ ‘special responsibility’ in the future of Internet behaviour, the Obama administration ensures the United States retains a level of informal authority in later decision making.
If rhetoric continues to promote an environment of fear surrounding the future of cyberspace, then the United States’ position as a role model for Internet conduct and governance will become endangered. Not only can actions out of fear foster more aggressive behaviour between states, but they can also set a poor precedent of Internet governance for countries like China or Russia. Political leaders should then follow Obama’s lead, as stated in the 2015 NSS: ‘I believe America leads best when we draw upon our hopes rather than our fears. To succeed, we must draw upon the power of our example.’
As the push for heightened cybersecurity becomes a greater priority, politicians must set the language of fear aside and instead promote American cyberpower from a source of strength.