May 27, 2021
A connected world is a vulnerable world. The US can help secure it.
Our connected world is fragile. Witness the alleged Chinese hacking into Microsoft products, Russian hacking into the US government contractor SolarWinds, and the recent criminal hack of Colonial Pipeline that disrupted energy flows across much of the United States. Connectivity increasingly seems like a quaint, if not naïve, promise of a liberal order in decline. The post-Cold War phenomenon of globalization appears to be eroding with each new hack, every geopolitical move that builds a world of autocratic and democratic alliance blocs, and the rise of a new nationalism amplified by the pandemic.
But despite the recent events separating the world—like the onset of vaccine nationalism, the disruptions of Brexit, a decoupling in the US-China relationship, and a growing tide of digital authoritarianism and extremism—connectivity remains central to the international system. Countries are connected by global supply chains, and people interact with each other over social media in ways that vary from sharing stories to starting social movements. Emerging technologies aim to accelerate the rate at which the world can expand its connectivity, as 5G networks increase the speed and volume of data in circulation while constellations of satellites connect even the most remote areas on the planet.
As more of our lives move online, global networks of servers are becoming the new high ground in national security—and securing this connected world is increasingly becoming the central challenge of the twenty-first century.
After all, China and Russia are unlikely to attack the US military directly. As seen in their covert campaigns to tamper with elections, polarize Americans, and conduct widespread espionage, modern countries clash in gray zones online. There is a cyber character to political warfare that makes contemporary great-power competition distinct from its Cold War predecessor. There will be more subterfuge than decisive battles in the next century.
In this new world, the best offense starts with a good defense. The Biden administration can degrade and deny rival countries and global, reactionary non-state coalitions—which range from Islamic extremists to right-wing nationalists—by making it more difficult for them to hijack global connectivity for nefarious purposes. The administration should take immediate steps to make it more difficult for malign actors to conduct large-scale cyber and misinformation operations targeting American values and interests.
More specifically, the Biden administration should move to adopt the remaining recommendations of the US Cyberspace Solarium Commission that have not yet been put into law by the 2021 National Defense Authorization Act. These recommendations, varying from executive orders to expanded legislation and agency guidance, cover three areas: coordination, resilience, and capacity.
First, the federal government needs a more coordinated approach to cyber strategy. To this end, the Biden administration has called for a new national cyber strategy under the leadership of Chris Inglis, Biden’s pick for the new post of national cyber director. In parallel, the administration should conduct a broader review of the authorities associated with using cyber operations against adversaries.
Partners and allies will also need a coordinated cyber strategy, which the United States can lead. The Biden administration should invest in additional resources at the Department of State and the Department of Defense (DoD) to build international cybersecurity capacity. International security cooperation and security-force assistance need to evolve beyond groups of Marines helping partner countries practice amphibious landings; they must include sharing cyber intelligence and techniques for defending networks. With this leadership, the Biden administration could usher in a new era of cyber diplomacy that engages both countries and the private sector, building an intelligence-sharing network that secures global connectivity.
Second, the United States needs a more resilient defense industrial base, which is composed of an increasingly large and diverse network of contractors and suppliers. In the recent SolarWinds hack, Russia clearly exploited this vulnerability across an array of organizations. If left unchecked, this same vulnerability could be used in a future crisis to undermine the arsenal of democracy, limiting the United States’ ability to produce and deploy military equipment globally.
Developing a resilient defense industrial base requires setting a priority to share threat intelligence and hunt active threats. The government can build into its contracting policies and procedures key cybersecurity requirements and incentives to share intelligence on emerging vulnerabilities and tactics, techniques, and procedures for exploiting them. Creating a common situational understanding would help large and small defense firms reduce their vulnerability to devastating attacks like SolarWinds. These firms could also be required to allow government cyber professionals onto their networks to hunt down attempts by cyber adversaries to find backdoors into the DoD.
Third, the United States needs to retain the capacity to deploy cyber operations as a viable instrument of foreign policy in a crisis. There is a major shortage of cybersecurity professionals in the public and private sectors. Training and retaining talent have become a national-security concern. The Biden administration can begin to address this challenge by assessing the cyber mission force and instituting new programs to retain talent and build a next-generation cyber workforce.
National security is no longer measured by the size of a country’s military forces. It is measured by how efficiently and securely a country, as part of a network of allies and partners, exchanges information, resources, and ideas. Security in the twenty-first century starts with safeguarding the networks on which we all rely.
Benjamin Jensen is a nonresident senior fellow at the Atlantic Council’s Scowcroft Center for Strategy and Security, a professor at the School of Advanced Warfighting in the Marine Corps University, and a scholar-in-residence at American University’s School of International Service. He was also the senior research director and lead author for the US Cyberspace Solarium Commission.
Further reading
Image: James Ortiz looks over a rack in the server room at the Air Force Space Command Network Operations and Security Center at Peterson Air Force Base in Colorado Springs, Colorado on July 20, 2010. Photo by Rick Wilking via REUTERS.