Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Coronavirus threats highlight need to improve federal government’s cyber policy

Thursday, May 14, 2020

Categories: ASCF News Emerging Threats Cyber Security

Comments: 0

About 30 minutes into a virtual Senate hearing on revamping U.S. cyber policy, the Department of Homeland Security and the FBI sent an alert warning of Chinese hackers targeting health care institutions.

The joint alert from the FBI and DHS’ Cybersecurity and Infrastructure Security Agency said the bureau is investigating hacks by Chinese-backed actors stealing intellectual property and public health data related to vaccines and treatments for COVID-19. The statement also warned that “the potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.”

Meanwhile, lawmakers on the Senate Homeland Security and Governmental Affairs Committee pressed members of the Cyberspace Solarium Commission on their 75 cyber policy recommendations. The commission’s aim was to improve U.S. cyber policy and the cybersecurity of America’s critical infrastructure, such as that related to health care or the electric grid.

“One of the things this pandemic has showed us is how vulnerable we are,” Sen. Angus King, I-Maine, said as a witness at the hearing. King serves as a co-chair on the Cyberspace Solarium Commission.

The commission report, released March 11, recommended a new, three-pronged U.S. cyber strategy dubbed “layered deterrence”: strengthening cyber defenses, establishing international norms and imposing costs.

The “imposing costs” piece has vexed policymakers from Capitol Hill to the executive branch, and the commission report doesn’t make specific recommendations for what that approach might look like. But one thing was clear to the commissioners: Costs must be imposed.

“If you come at us during a time of crisis, like the national pandemic, the response will be stronger," King said. “The penalties will be stronger.”

Establishing international norms, or acceptable behavior in cyberspace, is another important piece of the solarium strategy, King said.

Gathering the support of the international community is critical to establishing these acceptable behaviors. For example, in February, the U.S. State Department and more than a dozen other nations joined to attribute a cyberattack on the country of Georgia to the Russian military .

“A system of norms, based on international engagement and enforced through these instruments of power, helps secure American interests in cyberspace,” King wrote in a joint opening statement with his fellow commissioners.

New roles in the executive branch

Both the commission report and the hearing signaled growing support for increasing the authorities of the Cybersecurity and Infrastructure Security Agency, or CISA.

The alert about Chinese-backed hackers boosted the sense of urgency. Just before the hearing, Sen. Gary Peters, D-Mich., sent a letter to President Donald Trump urging him to direct CISA and U.S. Cyber Command to prioritize assisting hospitals and medical research organizations with their cybersecurity.

CISA is supposed to be the lead agency on a range of cybersecurity issues, including protecting federal networks, election security and critical infrastructure. However, outside of federal agencies, CISA lacks the authority to direct organizations on what actions to take.

The Cyberspace Solarium Commission’s report seeks to boost CISA’s authorities — a step supported by several members of Congress. Sens. Ron Johnson, R-Wis., and Maggie Hassan, D-N.H., have introduced legislation that would give CISA the authority to issue administrative subpoenas to compel internet service providers to turn over contact information of critical infrastructure operators that CISA identifies as running vulnerable systems.

Right now, DHS has the ability to scan the internet for known vulnerabilities, but the challenging part for CISA is what comes next.

“What we cannot do without a tremendous amount of effort, and sometimes not at all, is to identify who owns that system so that we can reach out to them and warn them,” said Suzanne Spaulding, a commissioner and former director of the National Protection and Programs Directorate, which was later renamed CISA.

Johnson, the chairman of the committee, said he wants the administrative subpoena bill inserted into the annual defense policy bill. For its part, the commission wants to place about 30 percent of its recommendations into the defense policy bill, including pushing for the inclusion of several cyber workforce recommendations it outlined in a May 4 letter to leaders of the congressional Armed Services committees.

Senators also asked the commissioners how they propose the federal government can help state and local governments across the country, particularly as they deal with constant outbreaks of ransomware attacks. In the commission report, it recommends creating a cyber state of distress — a declaration that would give states access to federal resources.

“The key there is it would trigger the ability of CISA particularly to use funds to tap into a response and recovery fund to scale up to go out and help these researchers, these facilities that are being attacked, hospitals, our health care providers,” Spaulding said, adding that states would also be able to get help from the intelligence community or the Defense Department.

Cyber issues across the government, the commissioners argued, also require coordination under a new position in the executive branch, which the commission called the national cyber director.

There is interest in Congress about identifying the role of a national cyber director. King said he received a letter from Sen. Mike Rounds, R-S.D., asking for more details about structure and authorities of the position.

“We need somebody at a very high level who can oversee, coordinate and work on the planning with all these different disparate parts of the federal government that are working on this,” King said. “I think that’s an absolutely critical need.”

Photo: Sen. Angus King, I-Maine, is the co-chair of the Cyberspace Solarium Commission. (Andrew Harnik/AP)

Link: https://www.fifthdomain.com/congress/capitol-hill/2020/05/13/coronavirus-threats-highlight-need-to-improve-federal-governments-cyber-policy/

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.