Home » CCHS in the News

Category Archives: CCHS in the News

A recap of our event with NSA Director Rogers

by

Yesterday the Center for Cyber & Homeland Security convened a forum, “State of the Cybersecurity Union,” featuring Admiral Michael S. Rogers, Commander of U.S. Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service. Below are some of the highlights of Admiral Rogers’ remarks, which spoke to the current state of cybersecurity threats to the United States, and what both CYBERCOM and NSA are doing to address these threats, in light of the new Department of Defense cybersecurity strategy released last month.

On the evolving threat: “A whole set of actors is increasingly using encryption to evade the law/law enforcement and intelligence. Being in an environment where threat is up and trust is down is bad for a nation. The greatest segment of capability in the cyber arena continues to be criminal.”

On cyber deterrence: “Cyber is a great equalizer. It doesn’t take millions of dollars or decades of R&D to achieve capability. It’s hard to convince actors that they won’t be successful at cyber-attacks, so we need to raise their costs. Merely because an opponent comes at us in the cyber domain doesn’t mean that our response has to be in that domain. Response is situation dependent.”

On offense, defense: “DOD intends to generate a series of offensive cyber capabilities that will be applied as necessary within a legal framework. The defensive piece is our priority and it’s also our challenge.”

On the role of the private sector: “Partnerships between nation-states and the private sector offer great promise. If we can’t do this it’s like fighting with one hand. In the United States we don’t use the capabilities of our intelligence community to generate benefits for our private sector.”

For more of Admiral Rogers’ thoughts, watch the archived event webcast here.

For selected media coverage and analysis of the event, see these articles: Agence-France Presse, CNN, FCW, Wall Street Journal, and Washington Post.

CCHS announces new cohort of senior fellows

by

Earlier today the GW Center for Cyber & Homeland Security announced the selection of its new group of non-resident senior fellows, who will serve in the position for a two-year term starting on April 1, 2015. The Center’s full announcement and list of new senior fellows can be found at this link. You can expect to see contributions by many of these senior fellows in the coming months on this blog.

New CCHS op-ed in CSM Passcode: Fortifying the Internet of Things

by

Last Friday the Christian Science Monitor (CSM) Passcode published our opinion piece with Northrop Grumman VP and CISO Michael Papay, entitled “Fortifying the Internet of Things means baking in security at the beginning.” The challenge, in a nutshell, is this: “our desire and ability to innovate has so far outpaced our commitment to embedding cybersecurity into the design process.”

The good news, as we explain in the article is that “there are plenty of creative ways to get to goal” and take action to redress existing vulnerabilities. For examples and details, see the full piece at this link.

New CCHS commentary on cybersecurity information sharing EO

by

Earlier today CCHS Director Frank Cilluffo and I published a commentary in The Conversation about the new Executive Order (EO 13691) on “Promoting Private Sector Cybersecurity Information Sharing”, issued by the White House earlier this month.

Some key points in our ​analysis:

US companies have historically been wary of openly talking about their cybersecurity efforts with competitors and with government — for good reason. Many businesses fear that sharing threat-related information could expose them to liability and litigation, undermine shareholder or consumer confidence, or introduce the potential for leaks of proprietary information. … Yet on the heels of a deluge of high-profile cyberattacks and breaches against numerous US companies, we may finally have reached a tipping point, where potential harm to reputation and revenue now outweighs the downside of disclosure from a corporate perspective.

…For example, a group of US companies (including McAfee and Symantec) are banding together to form a “Cyber Threat Alliance” which aims “to disperse threat intelligence on advanced adversaries across all member organizations to raise the overall level of situational awareness to better protect both the…organizations and their customers.” After all, it is companies themselves that usually have the greatest incentives to protect their own assets. Yet companies need to understand and respect the contours of what constitutes lawful defense and response, consistent with government’s rules of the road which, admittedly, are a work in progress, at best.

You can read the entire article at this link.

New CCHS report on PreCheck and risk-based security at TSA

by

Today CCHS released a new report that I wrote entitled “Risk-Based Security and the Aviation System: Operational Objectives and Policy Challenges”, which looks at the current challenges facing TSA’s risk-based security initiative (most notably, the PreCheck program) as it considers new options to increase program enrollment. We also held an event this morning on the event that included a very robust discussion of the issues raised in the paper. I won’t try to summarize the paper here, but you can download the full PDF at this link.

In related news, the Washington Post reports today on a letter from a bipartisan groups of Senators calling for the White House to put forward a new nominee to lead TSA. As the letter notes, it has already been more than three months since John Pistole announced his departure from TSA, which should have been sufficient time to identify and vet his potential successor. Former TSA Administrator Kip Hawley concurred with the letter’s perspective in a tweet this afternoon, and offered a strong endorsement of Acting TSA Administrator Mel Carraway:

Hopefully this is something that the White House will decide upon soon. TSA suffered from a lack of clear strategic direction during an 18-month period of acting leadership in 2009-2010, and finding a high-quality individual to nominate to lead TSA should be a priority.

HSPI Director appearing on Fox News special on “lone wolves”

by

HSPI Director Frank Cilluffo is a featured analyst on a Fox News special hosted by Greta Van Susteren airing tonight, entitled “Greta Investigates: The Lone Wolves of Terror”. Van Susteren previews the special on her website:

Terrorist groups such as Al Qaeda or ISIS are causing death and destruction around the world. This week’s attacks in Canada again draw attention to radical Islamists. The solitary fanatics – the ‘Lone Wolves’ – present law enforcement with difficult and frightening challenges. These domestic terrorists are not tied to any formal cells. They often become radicalized over the Internet, in prison and may live undetected within our communities – until they strike.

The special is airing at 7pm EST tonight and will be re-airing several times this weekend on the Fox News Channel.

WSJ op-ed on countering online radicalization in the United States

by

The Wall Street Journal published an op-ed today entitled “The Homegrown Jihadist Threat Grows,” which I co-authored with my former boss from my time working for the Senate Homeland Security and Governmental Affairs Committee (HSGAC), Sen. Joseph Lieberman.

In the piece, we argue that the United States needs a strategy for countering online recruitment and radicalization of Americans by terrorist groups, especially in light of ISIS’s very active profile on the Internet and the success that they have been having using these tools, highlighted most recently in the case of the two lone actor terrorist attacks in Canada this week, both of which appear to have been inspired by ISIS’s online propaganda.

The piece addresses an issue that had been a long-standing concern of Senator Lieberman and Senator Susan Collins when they led HSGAC, dating back to a staff report that they released in May 2008 entitled “Violent Islamist Extremism, the Internet, and the Homegrown Terrorist Threat.” In that report, they noted:

…the U.S. government has not developed nor implemented a coordinated outreach and communications strategy to address the homegrown terrorist threat, especially as that threat is amplified by the use of the Internet. According to testimony received by the Committee, no federal agency has been tasked with developing or implementing a domestic communications strategy.

Nearly three years later after the release of this report, in 2011, the Administration had promised to develop a strategy that was responsive to this recommendation, in its Strategic Implementation Plan for countering violent extremism. That document promised that the Administration would develop a separate strategy focused on radicalization and violent extremism:

The SIP specifically addresses the online arena in several sub-objectives, but because of the importance of the digital environment, we will develop a separate, more comprehensive strategy for countering and preventing violent extremist online radicalization and leveraging technology to empower community resilience that considers: (1) the latest assessment of the role of the Internet; (2) the absence of clear national boundaries in online space and the relationship between international and domestic radicalization to violence; (3) relevant legal issues; and (4) the differing authorities and capabilities of departments and agencies.

Nearly three more years have passed since the release of SIP, we still don’t have this strategy, in spite of promises that were made to the Senator in 2012 about this, as the WSJ piece details. The White House did release a blog post on this issue in February 2013, but it fell short of addressing the issues that the strategy had promised to cover.

Admittedly, this is a challenging set of issues to address, given legitimate concerns about protected 1st Amendment activity and domestic propaganda by the government, and any efforts in this area of online counter-messaging are only part of a broader strategy to prevent and disrupt homegrown terrorism. But given the sharp focus that ISIS and other terrorist groups have on using the Internet to recruit and radicalize, and given what we have seen this week in Canada as a harbinger of what can also happen here, it is imperative that more be done in this area, including by finishing and releasing the promised strategy on this issue.

You can read the full WSJ piece here. (If it’s behind the paywall, it also may be accessible via a relevant keyword search on Google News).

New op-ed and report on cybersecurity and DOD acquisition

by

Today Nextgov published an op-ed by Northrop Grumman Vice President and Chief Information Security Officer Michael Papay, HSPI Director Frank Cilluffo, and HSPI Associate Director Sharon Cardash, entitled “Pentagon Needs to Build Cybersecurity into the Acquisition Process.” The piece speaks to the intersection of cybersecurity and DOD acquisition, noting that what is really needed is to embed cybersecurity into our systems, designs, and culture/mindset. The piece offers a 3-pronged plan for moving forward: educate, evangelize, engineer.

In the view of the authors, the above subjects are important, but under-examined; and also timely — especially during National Cybersecurity Awareness Month.  Given the complexity of these topics, however, the op-ed is necessarily a topline treatment. For a more in-depth discussion of the challenges at play, see the related Issue Brief, produced jointly by the GW Cybersecurity Initiative and Northrop Grumman.

The Issue Brief explores the nexus of acquisition, components, and cybersecurity — first from the standpoint of potential vulnerabilities, and then from the perspective of remedying of them. The discussion begins in a DOD context, and subsequently expands to include critical infrastructure, and the Internet of Things. The report concludes with a series of action recommendations, targeted to different stakeholders in the defense realm, to bring the acquisition of components into alignment with a robust cybersecurity posture. Read more here.

HSPI Director participates in cyber forum this morning

by

HSPI Director Frank Cilluffo participated in a panel discussion on cybersecurity at an event hosted this morning by the Center for National Policy and the Christian Science Monitor, following an initial keynote address and discussion with White House Cybersecurity Coordinator Michael Daniel. You can find the archived webcast of the full event at this link on the Christian Science Monitor’s website, or view it below:

Event in Review: UN CTED Director Jean-Paul Laborde

by

On October 2, HSPI hosted a roundtable discussion with the Executive Director of the United Nations Security Council Counter-Terrorism Committee, Jean-Paul Laborde. Mr. Laborde discussed the international threat posed by foreign terrorist fighters as they gain combat experience in Iraq and Syria and bring this experience back to their home countries.

“This phenomenon isn’t new,” Mr. Laborde told the audience at the George Washington University Alumni House. “But the current scope is unprecedented.”

Mr. Laborde estimated that 15,000 foreign terrorist fighters from more than 80 countries have joined the ongoing fight in Syria. While the majority of these militants are from the Middle East and North Africa, he estimated that 3,000 of these fighters are from Europe, while others come from Australia and the United States.

Mr. Laborde emphasized the UN Security Council’s role in addressing these threats, primarily through fostering international cooperation between member-states and establishing a legal framework to prosecute foreign terrorist fighters. Last month, the UN adopted Resolution 2178, which holds that Member States will prevent the “recruiting, organizing, transporting, or equipping of individuals who travel to a State other than their State of residence or nationality for the purpose of the perpetration, planning of, or participation in terrorist acts.”

Mr. Laborde also highlighted the importance of educating judges and prosecutors of the legal measures in place to prosecute foreign fighters, and the Counter-Terrorism Committee’s country visits to assess security measures on the ground. The Committee has already visited 85 countries.

“The UN Security Council sets the international standard for its member-states,” Mr Laborde said. “We don’t do business as usual anymore.”

Mr. Laborde underscored the ever-changing nature of this threat, and the importance of staying up-to-date on foreign fighter travel patterns and the way social media is being used to spread terrorist messages and recruit. He also noted that the importance of the UN’s work with Interpol and Europol to combat violent extremism.

HSPI Director Frank Cilluffo also noted the growing number of westerners who are creating new networks of foreign terrorist fighters through propaganda, fundraising, and recruiting.

“We are fighting for the precious principles and values of our constitutions and at the same time, we have to defeat this threat,” Mr. Laborde said. “Nothing is more important that protecting the lives of the people.”

Tess Wallenstein is an intern with HSPI and a junior at the George Washington University School of Media and Public Affairs.