The Cyber Odd Couple of DC and Silicon Valley

Playwright Neil Simon wrote a play called “The Odd Couple.” It was the story of two very different men trying to share a NY apartment. Oscar was a total slob who was a top sports reporter. Felix was a total neat freak who was a top photographer. Yet, somehow they arrived at an accommodation though living in constant disagreement. In cyber world, Oscar is Silicon Valley and Washington is Felix. And, paraphrasing the opening of the Odd Couple – can they share cyber world without driving each other crazy?

If you had to pick two nearly opposite cultures, Silicon Valley and DC are it. The former is new, entrepreneurially brash, libertarian and a child of the open and easygoing lifestyle of the West Coast. It is also strongly internationalist and driven by money as a metric and has loads of money made sometimes too easily in a market less devoted to results than “flipping a company” to gain more money. Still, it has become the creator and driving force of arguably one of the greatest technological and innovative bursts in mankind’s history.

In contrast, Washington is a staid place that is hugely powerful – arguably the capital of the most powerful nation on the planet for 70 years. It is filled with people drawn from around the country who are lawyers, social and hard scientists that do their best not to “stick up” from their surrounding fellows. Well established, it is a place of bureaucracy and order. Progress is not measured in money and quick results. It is measured in holding office and position – both of which provide power. It is also measured in compromise and a balancing of different interests for what is determined to be for the “public good.” Speed of decision is not its forte.

Not unexpectedly the first 15 years of the 21st century have constituted a long, drawn out sniping war between the two places. Washington pursues its national interests and Silicon Valley pursues its international interests. Washington thinks in terms of regulation and regards cyberspace as a public utility to be overseen. Silicon Valley loathes the DC oversight and fears the damage to its international business and independent spirit.

As time moves forward, however, Oscar and Felix are beginning to see some common ground. While they argue vehemently over the use of encryption to secure cyber space, both DC and Silicon Valley recognize the constant barrage of cyber attacks as bad for public confidence.

Moreover, despite their internationalist viewpoint, Silicon Valley is beginning to feel the pinch overseas from nations who are not so happy about the free sharing of information or lack of control over content. As Facebook and Twitter are finding, for instance, China, Russia, Brazil, and UAE are not as welcoming to their efforts. Even India – the largest open market in the world now that China has stepped hard to regulate cyberspace – is balking at various proposals by Silicon Valley to break open India’s cyber world. These are arenas where the US government can help, if not necessarily solve the challenges, by pushing for international standards of openness and trade.

From the US Government standpoint, it is woefully behind the rest of the world – indeed the country – in terms of its own cyber security. The largest data leaks in the world have taken place in the US Government – from NSA’s Snowden to the Office of Personnel Management leak. Moreover, nation states and non-nation states – like China, Russia and innumerable private hackers with various agendas – have stripped sensitive technological information out of our most important projects. It needs Silicon Valley’s expertise to move beyond its 20th century, hidebound hierarchical structure and comprehensively adapt Silicon Valley’s new technologies and some of its spirit.

The Obama Administration’s recent high-level outreach to Silicon Valley is a good start to bridge that gap. Silicon Valley is also beginning to understand that it must better present its case in Washington.

Perhaps like Oscar and Felix, both sides can understand they live in the same cyber world and need each other.

The REAL ID Act: Time for a re-examination

Late last Friday afternoon, the Department of Homeland Security announced a set of new deadlines for final implementation of the REAL ID Act, postponing the date when TSA would stop accepting certain non-compliant states’ drivers licenses for aviation screening purposes until January 2018. It had previously been expected that such a deadline would be set for mid-2016 for a number of non-compliant states. This delay to the aviation screening deadline is not unexpected, given the likely disruption to air travel that would have resulted from TSA no longer accepting many states’ IDs as an acceptable form of identification.

Thus, the day of reckoning for REAL ID is postponed for another two years, for a new leadership team at DHS to confront. But it is unclear what will change in the next two years to alter the current status quo, where many states are reluctant to implement elements of REAL ID, the detailed statutory mandates from the 2005 law remain in place, and DHS is still charged with implementing the Act but retains the authority to delay its enforcement of the Act – authority that it has used repeatedly since 2007. While some states are likely to make progress on the REAL ID requirements in the next two years, it is hard to envision that the current impasse over full implementation will end in the next two years, and the next Secretary of DHS will likely be announcing additional delays in late 2017. And meanwhile, more than ten years have already passed since REAL ID was signed into law.

Given this reality, leaders in Congress, the executive branch, and the states have a choice to make. They can allow this dynamic of delay, confrontation, impasse, and further delay to cycle through the system one more time, resulting in gradual (but perhaps outdated) improvements to the security of state-issued identification. Or they can do what I believe is called for now: a serious re-examination of the requirements of the REAL ID Act.

Such a re-examination would include a detailed inquiry into the following questions:

1. What have been the demonstrable security benefits of the REAL ID Act to date, particularly with respect to counterterrorism, but also with respect to other national priorities (e.g. immigration enforcement, fraud prevention)? What elements of the REAL ID Act requirements (of which there are nearly 100) have delivered security benefits, and which have not, from a cost/benefit standpoint? (This would be a good question for a new GAO request by Congress, building off the findings of this 2012 GAO report).

2. Given the development and maturation of other counterterrorism capabilities in the past decade, how relevant and valuable is REAL ID (and secure identification generally) today with respect to domestic counterterrorism? For example, I would assert that it is much more difficult for would-be foreign terrorists (like the 9/11 hijackers) to travel to the United States today and engage in lengthy pre-operational activity than it was before 9/11, given investments in aviation pre-screening, watchlisting, visa security, information-sharing, domestic investigative capabilities, etc. Given how these other layers of security have been enhanced, has the marginal value of REAL ID today from a counterterrorism standpoint diminished or otherwise changed?

3. The terrorism threat facing the United States is significantly different than it was a decade ago, due to factors such as the increase in homegrown terrorism and the rise of ISIS and other new terrorist groups. How have these shifts in the terrorism threat changed the value of the REAL ID Act from a security standpoint? Have we seen changes in terrorist tradecraft with respect to the potential use of drivers’ licenses and other forms of identification?

4. How has technology evolved in the past decade with respect to secure identification? Is the REAL ID Act mandating things in law that are now obsolescent from a technology standpoint? For example, what is the significance of digital identification technologies (which are being adopted now in many countries) for REAL ID? What is the significance of recent developments in areas such as biometrics and encryption? How do these technological developments affect the value of current REAL ID requirements?

5. In light of these external factors, how can the dynamics of governance over secure identification be changed so that state and federal actors are working together towards shared objectives, rather than in opposition to each other? Would it be helpful to move toward legislation that is focused on outcomes (similar to many other regulatory models), rather than the checklist approach that is codified in law today? Are there new coordination structures or funding mechanisms that can be used to align incentives?

Given these changes over the past decade, it is time for policy-makers (particularly in Congress) to be asking these questions, rather than allowing the status quo to prevail and REAL ID to continue on its current slow trajectory. A re-examination of REAL ID, and subsequent legislation based on the findings of such a review, would improve our homeland security and help to ensure that state and federal funds are being spent effectively and in a way that addresses today’s threats, instead of in response to yesterday’s threats and outdated requirements.

DHS gets Hill approval for a common appropriations structure

Buried within the omnibus appropriations bill signed into law in December 2015 is a provision (Section 563 of Division F, the Department of Homeland Security Appropriations Act) that allows DHS to establish a common appropriations structure, starting with the FY 2017 budget request that will be released in early February. This is something that DHS Secretary Johnson originally requested as part of the FY 2015 DHS budget request, as described in this testimony from March 2014:

As part of this agenda we are tackling our budget structure and process. DHS currently has 76 appropriations and over 120 projects, programs or activities, and there are significant structural inconsistencies across components, making mission based budget planning and budget execution analysis difficult. We are making changes to our budget process to better focus our efforts on a mission and cross-component view.

In the reports that accompanied the FY 2015 and FY 2016 DHS appropriations bills, the appropriations committees were mixed in their support for a transition to such a common appropriations structure in report language. In FY 2015, the House Appropriations Committee (HAC) believed that “DHS would benefit from the implementation of a common appropriation structure across the Department,” but the Senate Appropriations Committee (SAC) remained silent on this proposal.

In the FY 2016 bills, the HAC included bill language to establish a common appropriations structure, and noted emphatically that “implementing this methodology is a strategic imperative and must move forward with haste.” But the SAC was lukewarm to the proposal in its Committee report for FY 2016. The Committee acknowledged the DHS leadership team’s reasons for considering such a shift: “the goal of following funds from planning through execution is critical to departmental oversight of the components as well as establishing a capability to make tradeoffs in resource allocation and budget development decisions.” But it expressed concern about the potential harm to transparency and congressional oversight from such a shift, and expressed concerns about being unable to compare prior years’ appropriations following such a restructuring. It urged DHS to “tread carefully in this area and work closely with the Committee.”

The provision included in the final omnibus appropriations bill is a modified version of the House provision, changing the word “shall” to “may” in a few places to soften the mandate for DHS to implement a common appropriation structure for the forthcoming budget request, and requiring that DHS provide a detailed report by April 1, 2016 to the committees on the transition to a common appropriations structure, as a precondition for getting the full authority to implement these changes. These minor changes are not likely to inhibit the ability of DHS to move forward with carrying out this transition, consistent with the intent of the Department’s leadership.

As the new language specifies, and as illustrated in the report “A Common Appropriations Structure for DHS: FY 2016 Crosswalk” (made public on the DHS website late last year), all DHS appropriations will now be allocated in one of four top-level categories: (1) Operations & Support, (2) Procurement, Construction and Improvements, (3) Research and Development, and (4) Federal Assistance. These top-level categories are similar to the structure used by the Department of Defense, where funds are primarily allocated with the categories of (1) Personnel, (2) Operations and Maintenance, (3) Procurement, and (4) Research, Development, Test and Evaluation.

The primary intent of this structure is to facilitate the ability of DHS leadership and Congress to develop greater insight into how funds are being allocated and spent across the Department. Currently, in many of the Department’s components, funds for day-to-day operations (salaries, rent, etc.) are mixed together in budget accounts with long-term capital investments (new ships, screening equipment, etc.), making it difficult to assess whether the right balance is being struck between present-day needs and future requirements. The new structure should also make it easier to identify and compare similar investments being made in different DHS components, and hopefully then find savings and efficiencies, consistent with the stated objectives of the Department’s Unity of Effort Initiative.

A secondary benefit of this reorganization is that it should enhance the ability of authorizing committees to pass authorization bills for DHS on a regular basis. The information provided to Congress in budget requests under a common appropriations structure can be used as a basis for authorizing funds, in a similar way to how the Armed Services Committees use information from DOD budget requests and the Future Years Defense Program to inform their annual authorization bills. The new common appropriations structure would not eliminate the jurisdictional issues that have made it difficult for Congress to pass DHS authorization bills over the past decade, but it would provide a basis for authorizing funds on a cross-cutting basis that is not wholly tied to the fragmented component-level jurisdiction over DHS in the House and the Senate.

Overall, this shift to a common appropriations structure is an encouraging development for the ongoing maturation of DHS, and if executed successfully in the coming year will be a significant accomplishment for Secretary Johnson and his team.

The NYPD settlement: understanding the consequences

The New York Police Department has settled long-standing lawsuits pertaining to the surveillance of Muslims, as reported this afternoon by The Washington Post and The Wall Street Journal. Notably, under the settlement agreement, the NYPD will be required to make significant changes to its Guidelines for Investigations involving Political Activity (aka the Handschu guidelines), as listed within Exhibit 1 of this PDF containing the settlement documents. In addition, the NYPD will be removing its 2007 report “Radicalization in the West: The Homegrown Threat” from its website as part of the agreement. (It is still available on the NYPD site as of posting, but if this link doesn’t work, it means it has been removed from the site. We’ve saved it here on our site for if/when that happens).

It is disappointing that the Radicalization in the West report will be removed from the NYPD’s website as a result of this settlement. While the report has always had limitations due to its case-study methodology (as the authors would likely acknowledge), and it has become somewhat dated due to external developments in the past eight years (e.g. growth of social media, rise of new terrorist groups, increase in lone actor terrorism), many of its general findings on the radicalization process have stood the test of time, and still provide insight into terrorists’ activities today, including the Paris attackers and other recent plotters.

And even if I disagreed with the report’s analysis, I would still argue that removing it from the website is the wrong thing to do. The report’s critics should contest and challenge its findings, as they have often done, but should not cheer its suppression through a formal legal process.

More worrying are the proposed changes to the Handschu guidelines. The changes to the requirements for a “Checking of Leads” or “Preliminary Inquiry” as outlined in this document could inhibit the ability of the NYPD to uncover the initial tip or lead that would be the starting point for a broader FBI-led investigation. While the NYPD will retain strong investigative authorities when there is a known threat, the Department’s ability to detect the ‘unknowns’ could be reduced as a result of these policy changes. It is also possible that a culture of risk aversion develops gradually as a result of these and other proposed changes to the guidelines, such as the appointment of a ‘Civilian Representative’ in an ombudsman-like role.

These changes come a month after the ISIS-inspired terrorist attack in San Bernardino, and at a time when the number of terrorism cases within the U.S. has significantly increased, as noted in detail in the recent report on ISIS in America released by my colleagues in the Program on Extremism. While this settlement may be beneficial in the short-term from a civil liberties standpoint, it likely makes it harder for the officers and other employees of the NYPD to play their role in preventing acts of terrorism in New York City, as they have tirelessly worked to do in the years since September 11, 2001.

Omnibus legislation: the cyber sausage gets made

Otto von Bismarck, the master politician who built modern Germany in the late 19th century, said that “laws are like sausages, it is better not to see them being made.” The Omnibus bill that Congress is passing to fund the US government through next September is one huge, ugly sausage. Filled with chunks of budget, it is equally stuffed with a number of new laws. One of those chunks is the Cybersecurity Act of 2015, which includes an updated compromise version of the Cybersecurity Information Sharing Act (CISA). And a lot of people do not like the taste of this one bit.

CISA has been kicking around Capitol Hill for a number of years. Proponents say it is about sharing cyber threat and Internet information traffic between the government and the private sector. Opponents have labeled it a civil liberties danger with vast amounts of personal information being controlled and shared among government agencies with little oversight. Now, with a dash of oversight protection by Inspectors General and the Government Accountability Office thrown in, CISA was made part of the omnibus appropriations bill. And thus cyber sausage is made.

To add fuel to the cyber debate, Senate Majority Leader Mitch McConnell has said recently the legislative agenda for next year will include a review of the revisions to the PATRIOT Act from last year – pre-San Bernardino. The cyber industry response was swift and negative with one major lobbying organization calling such actions “reactionary.” An opposing wit compared the cyber industry’s reaction to the National Rifle Association – the Internet does not kill people, people kill people.

So where does this leave us in December 2015? The pressure post-San Bernardino to increase surveillance on the Internet and within social media next year is going to be huge. You can guess how each side will argue the debate based on previous positions. White papers are being drawn up. Metaphorical cyber wagons are being circled. And Presidential year politics will be filled with bombastic arguments on both sides.

Let me suggest, however, that in the middle of this debate the most important thing to keep in mind is what do we need to do to keep our citizens safe — safe from terrorists and safe from massive government intrusion in our lives.

This is a balance and it always will be a balance. If we now err on the side of more collection then it needs to be done with better oversight than we’ve had so far. Frankly, whatever you may think of Edward Snowden, he brought home the ugly truth that massive, legal collection was taking place. Few knew how massive and fewer were providing something beyond rubber stamp oversight.

However, we also need to remember that there is no such thing as 100 percent security. We can collect every cyber haystack looking for terrorist needles and still miss the leads to a pending event.

Still, as heated as the debate will be in 2016, it is better done in the open with both sides having at it and reaching some form of working agreement that will likely please no one. As Bismarck also said, “politics is the art of the possible, the attainable – the art of the next best.” No matter what we decide, nothing will be 100 percent satisfactory to everyone.

DHS updates its terrorism advisory system

Earlier today, DHS Secretary Jeh Johnson announced changes to the National Terrorism Advisory System, adding a new category of warning, the NTAS Bulletin, to complement NTAS Alerts, and to be used as follows:

NTAS Bulletins will provide information describing broader or more general trends and current developments regarding threats of terrorism. They will share important terrorism-related information with the American public and various partners and stakeholders, including in those situations where additional precautions may be warranted, but where the circumstances do not warrant the issuance of an “elevated” or “imminent” Alert.

DHS also issued its first NTAS bulletin in conjunction with the Secretary’s statement, a one-pager on the global threat environment that highlights the Department’s concerns with “self-radicalized actor(s) who could strike with little or no notice.”

Overall, this introduction of NTAS Bulletins is an improvement to the system, and is particularly warranted given the fact that DHS and the FBI already produced unclassified bulletins for law enforcement and first responders – their Joint Intelligence Bulletins (see this example) – which are widely disseminated and almost always find their way to the news media a few days after they are issued. It makes a lot of sense to repurpose many of these JIBs into NTAS bulletins, in instances where the vigilance of the general public may help to prevent or disrupt a particular threat.

However, these changes to the NTAS do not address my long-standing concerns about the underuse of NTAS, which I outlined in this blog post last year, noting that there were a number of circumstances in the past 3-4 years where the issuance of an NTAS alert was warranted in my opinion, based on the system’s own standard of a credible threat (for an elevated alert) or a specific and credible threat (for an imminent alert). For example, I still maintain that DHS should have issued an NTAS alert after the Boston Marathon bombings during the four days when the attackers (the Tsarnaev brothers) had not yet been identified and were still at large.

Given the current pace of ISIS-related terror plots, there will likely be similar circumstances in the coming months and years where DHS should issue NTAS Alerts, not to stoke fear but to ensure that the American people have an informed understanding of current threats. Hopefully today’s changes to NTAS will also lead the Department’s leadership to be more forward-leaning in utilizing the system.

But in the meantime, the 25,000+ followers of the @NTASAlerts twitter account are still waiting for that first tweet.

A difficult dichotomy for American policing

The so-called “militarization of police” became a topic of intense political conversation after the officer-involved shooting of an unarmed 18-year-old man in Ferguson, MO in August 2014, followed by days of civil unrest. American police departments have been criticized for stockpiling military-grade weapons and gear, which are often used for routine raids, such as serving search warrants, or deployed against protestors, as was done in Ferguson. Critics question whether such equipment is needed by police.

In May, President Obama announced changes to a key federal program transferring such equipment from the Department of Defense to local police, the 1033 Program. The federal government will no longer provide certain types of “heavy military” equipment, including large caliber weapons and ammunition, and law enforcement agencies must submit to stringent federal oversight and restrictions for other equipment, such as riot gear and wheeled armor and tactical vehicles.

But the San Bernardino mass shooting, like the Paris terror attacks, has added another perspective to the debate over “militarization” and what equipment and tactics local police should have access to.

Recent attacks have demonstrated a shift in terrorist tactics where they are no longer interested in negotiating, are heavily armed, and attack ‘soft’ targets with the intent of killing as many people as possible. Speaking on Face the Nation, New York City police commissioner, William J. Bratton, called the Paris attacks a “game changer” for law enforcement. Former Chicago superintendent, Garry McCarthy, acknowledged that terrorists are changing tactics and told his officers, “We’re going to be in a combat situation if these things happen and we have to adjust our strategies in that way.”

U.S. police officials are not alone in advising more aggressive police tactics. Police officials in Europe are demanding heavier weapons and protective gear for counter-terrorism response. In Britain, Metropolitan Police assistant commissioner, Patricia Gallan, said officers are being trained to “go forward” to confront terrorists.

Indeed, law enforcement has been shifting tactics since the attacks in Mumbai, India. Ordinary patrol police are increasingly expected to confront active shooters without waiting for more heavily armed SWAT teams. Armed with little more than handguns, these officers face heightened danger as evidenced by the death of University of Colorado police officer Garrett Swasey who was killed intervening in the Planned Parenthood shooting in Colorado Springs.

Ferguson and San Bernardino present a conundrum for law enforcement. On one hand, police need military-grade equipment and new tactics to counter new terrorist tactics. San Bernardino county law enforcement has been the beneficiary of $5.8 million in 1033 Program surplus equipment since 2006, some of which was likely used in the Inland Regional Center response. Equipment acquired through the 1033 Program was on hand during the Boston Marathon bombing.

Ultimately, though, police officers must be peacekeepers, not warfighters. The greatest asset in the fight against terrorism is positive police-community relations – which requires building public trust. Now, more than ever, community policing is essential. Police must cultivate robust and ongoing relationships, especially in immigrant and Muslim communities.

Scott Somers, Ph.D. is a senior fellow at the GW Center for Cyber and Homeland Security and Professor of Emergency Management at Arizona State University.

China Has Changed Its Cyber Rhetoric, Now How About Its Behavior?

Chinese President Xi Jinping has had a busy autumn as the globe’s cyber diplomat-in-chief.  How does the U.S. government now get Chinese government-supported hackers to change their behavior in a way that matches President Xi’s rhetoric?

On December 1 and 2, Homeland Security Secretary Jeh Johnson and Attorney General Loretta Lynch hosted a Chinese delegation led by State Councilor and Minister of Public Security Guo Shengkun in the first meeting of the U.S.-China High-Level Joint Dialogue On Cybercrime And Related Issues.  The Dialogue, as described in the Joint Statement released at the end of President Xi’s State Visit in September, is to “review the timeliness and quality of responses to requests for information and assistance with respect to malicious cyber activity of concern identified by either side” and provide a hotline to escalate cases that could not be resolved through working-level cooperation.

Surprisingly, the press release issued by the U.S. Departments of Justice and Homeland Security after the meeting contained no mention of the norm proscribing cybertheft – the government-directed, cyber-enabled theft of proprietary business information used for competitive advantage – or even any generic suggestion that the U.S. side raised cases that illustrate U.S. concerns about Chinese conduct in that regard.

In fact, China’s agreement to a norm proscribing cybertheft – optimistically described as an agreement by China not to conduct cybertheft – was the main event at the State Visit.  Afterwards, President Xi even followed up with two months of aggressive diplomacy designed to make China the primary proponent of this norm.  During visits to other Western countries, Xi and his Prime Minister Li Keqiang added the norm to joint statements and the G20 leaders even adopted it in the Antalya Communiqué issued at their meeting last month in Turkey.

Surely, the broad push to adopt this norm represents a new understanding by Chinese leaders that such activity needs to end?  Unfortunately, as I’ve written previously in this space, the agreement on the principle is accompanied by Chinese denials that they conduct cybertheft – denials that mirror denials on malicious activities in cyberspace heard from Chinese officials in the past.  And this week, the Chinese government also redirected attention from cybertheft when it confirmed that before President Xi’s visit to Washington it detained an unspecified number of unidentified independent hackers in connection with the OPM data breach earlier this year – not the Chinese government cyber operators the Administration originally fingered.

One possible interpretation of China’s aggressive diplomatic push in favor of the norm and its effort to shift responsibility for the OPM hack away from government actors is a true change of heart in Beijing.  Perhaps the Chinese government has concluded that stealing the innovative output of other countries is ultimately self-defeating and that such theft will no longer be a major component of its approach to innovation.  After all, such theft is essentially parasitic and it requires a healthy host to support it (see p. 6).  If the theft continued across decades, it would undermine—even more surely than failure to enforce intellectual property rights—the fundamental capability of innovative elements of the developed world’s economy to receive a return on the sector’s large investment in R&D.  If the parasitic activity eventually kills the host, the result is a loss for both the developed world and China.

But that seems too optimistic.  U.S. cybersecurity firms reported about one month after the State Visit that private U.S. companies were still being attacked by Chinese hackers operating with an unchanged methodology.  And in mid-November, Bill Evanina, the Director of the Office of the U.S. National Counterintelligence Executive, had seen “no indication” that Chinese behavior had changed.  So, in spite of a diplomatic blitz in favor of this norm against cybertheft, the Chinese leadership still treats its statements about refraining from cybertheft with the same cynicism displayed regarding promises not to militarize the South China Sea and never to pursue hegemony.

Examining China’s major reversal over the last three months closely, you can find a clue to why China has gone from chief denier of government-supported cybertheft to primary proponent of this norm.  The switch was flipped when a leak from the White House about the threat of sanctions against Chinese entities and individuals for cybertheft under President Obama’s April 2015 Executive Order brought President Xi’s negotiator, Meng Jianzhu, to Washington to orchestrate President Xi’s acquiescence to the anti-cybertheft norm.  Although unilateral economic sanctions, especially those that are very limited in scope, are thought to be more a way to send a message than to fundamentally alter a regime’s behavior, the reaction to merely the threat of sanctions was dramatic and immediate.

As I wrote in this space immediately following the State Visit, on cybertheft China has offered words in exchange for a change in action on the part of the U.S. government in a classic tactical gambit drawn directly from Sun Zi’s Art of War.  But if the mere threat of sanctions resulted in the diplomatic reversal, why should the U.S. government suppose that limited sanctions would change behavior?  Because such targeted actions appear to have worked with China on this issue in the last 18 months.  When the U.S. government indicted five People’s Liberation Army (PLA) officers for cybertheft in May 2014, the diplomatic response from China was furious and seemed counterproductive:  China withdrew from the State Department-led bilateral cyber dialogue and demanded the withdrawal of the indictments in most of its diplomatic engagements with U.S. officials.  According to the Washington Post this week, however, behind the scenes, the PLA responded by dramatically reducing the level of economic espionage conducted by PLA-controlled actors.  In other words, the indictments changed the behavior that has so frustrated U.S. policy makers.

Imposing the sanctions that the White House had contemplated in August might have resulted in a difficult diplomatic fallout.  The upside, however, is that those sanctions also might have convinced the civilian hackers in China’s Ministry of State Security to curtail their cybertheft practices in the same way last year’s indictments convinced the PLA.  It is not too late to learn this lesson.  Now that China has agreed to appropriate norms of behavior in cyberspace without actually curtailing its malicious activities, the time has come to sanction Chinese entities and individuals responsible for cybertheft to get the change that will actually matter for the U.S. economy.

The Twilight Struggle With Radical Islam

The scenes from Paris after Saturday morning’s attacks are sickening, angering, and disheartening. They are also not totally unexpected and will likely occur again. We, the West, can lull ourselves into a feeling of safety by narrowing the reasons and the regions of trouble. However, let me be clear – we must stop whistling through the graveyard regarding our worldwide war with ISIS, Al Qaeda (AQ) and other forms of radical Islam.

President John F. Kennedy said in his inaugural address in 1961 something about a similar struggle with Communism and the Soviet Union. Kennedy was a realist who understood the burdens facing the West. He said, “now the trumpet summons us again, not as a call to bear arms, though arms we need; not as a call to battle, though embattled we are – but a call to bear the burden of a long twilight struggle…” It took another 30 years for us to win that war – already 20 years old. Make no mistake; we are in a similar long, twilight struggle with ISIS and all other forms of radical Islam.

There are many reasons why this war – and it is a war because they think it is a war – will not go away soon. Fundamentally, radical Islam is based on the belief that the Westernization of the world has gone too far and offends the premises of Islam. The acceptance of women as social equals, the open social mores of the West, the separation of religion and state, and the existence of Israel are all a part of the witches’ brew of this anger.

We are also faced with a generation of young men in the Middle East (and some in the West) who are underemployed and disconnected from their society. One of my friends calls them “dude fighters.” In a previous generation, they would have been hanging on street corners, smoking weed, going to the gym, and chasing girls. Some still do.

However, the cause of jihad appeals to these “dudes” deeply. It is about them and their heritage and feelings of being dispossessed. And those who are 20 years old with nothing to live for are willing to die for causes because they think it will be their glory. For those in the West puzzled by this, think about Lee Harvey Oswald, John Wilkes Booth, and the Tsarnaev brothers among others. Dispossessed from their society, angry, and in their 20s. A cause was all they needed to act. And they did.

Europe must also do some soul searching. Immigrants there are treated with the same lack of respect we inflicted upon African Americans in the south during the Jim Crow period. They are marginalized, stigmatized and ghetto-ized. The housing projects of Western Europe are petri dishes for the development of radicalism.

As for the United States, we are in this war whether we like it or not. The Presidential decree that the war on terrorism was over sent the wrong message. We looked like we were quitting the field and radicalism won a major victory. Setting red lines in Syria and stepping back also allowed a Petri dish of radicalism to develop and metastasize into an area that would allow the existence of an ISIS.

I have no fear that we will win the battle with radical Islam. I also believe it will be a long, drawn out affair taking place on battlefields worldwide. And it will increase focus on “soft” civilian targets. But, history is not on their side. The last 250 years have been about people looking for more freedom and less oppression. ISIS and AQ are an aberration. But to defeat them, we must show continued strength, resolve, and wisdom in dealing with a different culture. We are in a twilight struggle that can be won.

Terrorism — The Old Fashioned Way

Mark Twain once said that history does not repeat itself, but it does rhyme. So, when I heard about the Russian flight blown up over the Sinai, I immediately thought of Pan Am 103. It was blown up over Scotland by Libyan bombers in 1988; I had friends who knew people killed on that flight. One acquaintance lost his son.

I suspect it will take less time to find out the perpetrators of this travesty thanks, in part, to the 21st century level of electronic surveillance available and the inability of people to stay off their 21st century cell phones. All evidence points to a group of Islamic State terrorists from the Sinai. In 1988, the identification of the Libyans took a lot longer and involved some great Scots police work and an inch-by-inch ground search – finally turning up a small piece of a circuit board that set off the bomb.

So what lessons are we to take from this most recent bombing? First of all, no matter what kind of physical and electronic security you introduce, there is no such thing as 100 percent security. People have decried the security at Sharm El Sheikh as they decried the security in Frankfurt for Pan Am 103. Granted, in both cases, the security was not good. But as the IRA terrorist once said, you have to be right every time and we only have to be right once.

Second, for now, this attack does not appear to be a function of cyber. It is an old fashioned mass murder committed through the timing on a device, likely as simple as an alarm clock or, possibly, a cell phone. For those of us who live in cyber world, this provides little comfort. It is only a matter of time until the Internet of Things into which we are hurtling is used to cause mass murder. Let this event over Egypt not turn our eyes away from that ugly, soon to be, fact.

And, finally, the loss of the Russian plane is a reminder that we are in a long, dirty struggle with Islamic radicalism. Make no mistake that what happened in Egypt can and will be exported by “foreign fighters” returning to the West or “wannabes” here as well. History will rhyme and we need to gird ourselves for it.