Resilience

Cyber Grand Strategies: Technology vs. Human Interaction

by Bonnie Butlin

The National Security Agency (NSA) leaks by former NSA contractor Edward Snowden became public on 5 June 2013 in The Guardian and revealed more than just classified documents. They revealed a U.S. cyber grand strategy intended to secure the homeland from terrorist attacks, employing NSA programs based on an extrapolation of Section 215 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001, and on Section 702 of the Foreign Intelligence Surveillance Act of 1978. The cyber strategy was grand-strategic, having been applied in a global security context, during peacetime operations, on U.S. soil, with resources beyond a military scope.

The U.S. Approach to Cybersecurity

Counterterrorism arguably requires a grand-strategic approach: it aims to protect civilians on U.S. soil in peacetime; requires extra-military means, such as law enforcement and intelligence resources, and cooperation of the telecommunications companies; and entails a global element. The Privacy and Civil Liberties Oversight Board (PCLOB) found, in its 23 January 2014 report, that there was no identified U.S. terror nexus, rather that the threat had a global dimension. Once revealed, the technology-driven cyber grand strategy proved unpalatable to the people in the United States, and the associated programs are currently under review and/or NSA is rolling them back.

The NSA’s 215 and 702 programs were the basis for the cyber grand strategy with a light footprint launched against a strategic terrorist threat within U.S. domestic space that also had a light footprint. Similar to using air power to find enemy operatives in a large area of military activity, cyber grand strategy employed a nonphysical presence that allowed the United States to find single terrorist “needles” within the U.S. domestic “haystacks” using cyber technology. The new cyber technology allowed for unprecedented scope, scale, and duration of the search and, like air power, enhanced awareness and control of the domestic multidimensional battlefield, or “battlespace.”

As terrorists could blend into the population and potentially could strike anywhere, U.S. cyber surveillance – through the 215 and 702 programs – could monitor their communications everywhere. By using bulk collection without specified reasonable articulated suspicion (RAS) and by employing sophisticated computational analysis of metadata, the NSA was able to conduct surveillance without the knowledge of the U.S. public.

The two NSA programs could corroborate existing intelligence on terrorists and terrorist activities, generate new lines of investigation, and identify and monitor persons of interest. Even with this enhanced domestic battlespace awareness, given domestic restrictions, the programs had little likelihood of success. The terrorists were still “needles,” and the data trove enormous and growing. According to the 23 January 2014 PCLOB report, the NSA programs neither identified nor disrupted any active plots, but did identify one previously unknown terrorist. The collateral damage from the programs quickly became apparent in the form of privacy concerns, fears of abuse, and deterrent effects on free speech and association.

Lightening the Cyber Grand Strategy’s Footprint

The technology-driven programs emerged from a weak legal footing. Section 215 of the USA PATRIOT Act (originally intended for handover of specific existing business records in relation to specific investigations) was loosely extrapolated to allow for broad and continuous cyber bulk collection, without applicable Supreme Court jurisprudence dealing with cyber collection, retention, and analysis of comparable scope and duration. Terrorists, who were anywhere in the United States, were certainly communicating by telephone, so the NSA looked everywhere, treading increasingly heavily through the metadata to find them: collecting records in bulk, contact chaining with three “hops,” using sophisticated computational metadata analysis, and leveraging the historical connections contained within years of stored data. The programs quietly expanded into what was arguably a strategic, full-saturation surveillance presence – well beyond the light-footprint approach originally envisioned.

Following the Snowden leaks, President Barack Obama met with the PCLOB on 21 June 2013 to discuss the imbalance between the NSA’s counterterrorism operations and growing privacy concerns. In the 17 January 2014 Presidential Policy Directive PPD-28, to safeguard personal information, Obama ordered a number of reports and studies from the PCLOB, the Office of the Director of National Intelligence, and the President’s Intelligence Advisory Board. He sought additional protections that include the use of special advocates, fewer “hops” and greater oversight, increased publication of government requests, and additional protections for non-U.S. citizens. Also requested was a study on the feasibility of software that could target with more focus and accuracy within the NSA programs – a more-surgical technological solution. Obama also encouraged the prioritization of collection methods other than bulk collection, but did not go so far as to shut down the programs. These responses strive to reduce the weight of the cyber grand strategy’s footprint to its intended light footprint, without foregoing the unique vantage point and awareness that the NSA programs provide, albeit with mixed results.

The Canadian Approach to Cybersecurity

An alternative cyber grand strategy has emerged in Canada (where the intelligence community also received ministerial approval to collect metadata in both 2005 and 2011). Also a broad cyber approach with a light footprint, it relies not on technological solutions such as bulk data collection and metadata analysis, but rather on human networks and professional information sharing, which carry less risk to personal information and privacy than the NSA programs.

The Inter-Association Working Group on Cyber Security (IAWGCS) of the Canadian Security Partners’ Forum focuses on networked information sharing among cyber professionals. The IAWGCS has brought together the Canadian professional associations with a stake in cybersecurity – 50 distinct associations from a total of some 120 identified security-related associations across Canada.

Professional association memberships bridge the private and public sectors, all levels of government, and all geographic regions of Canada, as well as reflect 50 unique association perspectives on cybersecurity issues – including but not limited to terrorism. Approaching issues from 50 different professional angles provides unprecedented contextualized understanding of the cyber landscape and unmatched depth of expertise that is credible, transparent, and nonintrusive. The resulting battlespace awareness does not target individual persons of interest, but arguably leaves decreasing room for terrorist activity to slip between seams and operate undetected within Canadian space.

The NSA programs focus technology on identification and attribution at the individual level for preventive and even pre-emptive counterterror efforts, whereas the IAWGCS – through the engagement of many diverse cyber professionals – provides a multivector, high-level, strategic, and shared understanding of the cyber landscape in Canada. The Canadian approach has little risk of developing a heavy-footprint presence because the existing expertise can achieve results without infringing on additional personal privacy space. The Canadian Security Partners’ Forum focuses on information sharing among security professionals to build the general Canadian security capacity, whereas the IAWGCS specifically focuses on building the Canadian cybersecurity capacity. Unlike the one-way NSA bulk collection, storage, and analysis of data, the IAWGCS can both push and pull information through its network, similar to the “work-related access” model of intelligence sharing that Obama proposed in his 17 January 2014 address to the nation. The IAWGCS is a broad, flat-structure network of cyber professionals that supports more-fluid information sharing, with a light but comprehensive national presence.

Both cyber grand strategies are enhancing security domestically in peacetime – the NSA programs using technology-driven metadata, and the IAWGCS leveraging human-networked interactions among cyber professionals. The NSA programs are more immediate in their objective of disrupting terrorist activities, whereas the IAWGCS focuses on long-run strategic effect in building capacity and resilience within Canadian security. Although the IAWGCS appears to be more palatable to the public in the short run, the two cyber grand strategies (technology- and human-based) may in the long run be complementary in securing the homeland.

________________________

Bonnie Butlin is executive director of the Canadian Security Partners’ Forum (CSPF), and managing director of the Canadian Security Executive Forum (CSEF). She has a diverse background in the fields of defence, intelligence, and security; and she was the sole author of a commissioned study for the Federal Court of Canada on National Security and the Administration of Justice. She also was named one of Security Magazine’s “Most Influential in Security” for 2013. She holds an MA in international affairs, with a specialization in conflict analysis and resolution. Her focus areas include: domestic threat networks; gray-area threats (including synergies among insurgency, terrorism and organized crime); and military and counterinsurgency strategy.