Cyber Security | Wilson Center

Cyber Security

Will They or Won’t They? Understanding the Encryption Debate

In a California court, Apple CEO Tim Cook and FBI Director James Comey are battling over the phone of the San Bernardino gunman - an iPhone that Comey says Apple has a legal obligation to help unlock. Apple, for its part, says that aiding the FBI here would set a precedent that undermines both security and privacy for millions of smartphone users. Similar debates are playing out across the country (two states are now considering legislation to regulate the use of smartphone encryption) and around the world, as governments weigh the policy challenges posed by secure communications.

The Life Cycles of Cyber Threats

Technology isn’t human, but it has stages of life. The period after the conception of a new piece of technology is often marked by significant investments of time and resources, often with little tangible return. If this work is successful, the technology begins to enter use, benefiting from iteration and design improvements. It may then begin to spread, gaining in popularity and begetting virtuous economies of scale. If all continues to progress, the technology will mature in the marketplace. Even if it attains market dominance, however, that position will not be permanent.

How States Drive the Diffusion of Cyber Capabilities

Amid the raging debate on cryptography, Apple CEO Tim Cook insisted, “You can’t have a backdoor that’s only for the good guys.” In other words, security sometimes means denying yourself a capability so that adversaries are less likely to gain it. Some policy options, such as unlocking the phone of a suspect, are blocked in order to preserve a more secure computing ecosystem.

Killing Jihadist Hackers Sets a Flawed Precedent

For much of the early 2000s, the worst job in terrorism was “Al Qaeda’s third-in-command.” During one hot streak, as Timothy Noah reported, the United States killed four of the men in that seat in as many years. Today, in one sign of how much warfare has since evolved, individuals who lead Islamic State hacking efforts have an even shorter life expectancy. With the recent announcement that a U.S.

Milestones in Digital Terrorism

Global terrorism is increasingly characterized by online activity, while counterterrorism requires understanding an adversary’s new media and cyber capabilities. Terror organizations hack and tweet in order to recruit, fundraise, promote ideologies, and coordinate kinetic attacks. With that in mind, the Digital Futures Project is compiling a timeline of milestones in digital terrorism, including the release of encryption programs and OpSec manuals for jihadists, data breaches and doxes, and other incidents. Entries are tagged with keywords and followed by brief summaries.

The Ashley Madison Way of War

On December 11, 2015, Islamic State supporters published the home addresses of dozens of national security officials. It isn’t clear that the details are authentic, or that they were gathered via anything more sophisticated than Google, but the move marked a growing interest in low-grade digital conflict — the spread of an Ashley Madison way of war.

The encryption fight is overblown

Governments are not wired — physically or intellectually — to embrace technology. In 1922, the Michigan Supreme Court warned that cars would offer criminals and anarchists a “means of silent approach and swift escape unknown in the history of the world before their advent.” They urged a national debate: “The question of their police control and reasonable search . . . is a serious question.”

Security Clearance: A Next-Gen Overhaul

When hackers made off with sensitive data from the Office of Personnel Management, they put new stress on a creaky approach to security clearances. Too often, the federal system freezes out individuals with critical language skills, cultural acumen, and strong ties to sensitive regions; at the same time, it failed to counter the insider threat posed by leakers like Edward Snowden.

Cybersecurity treaties may be nice, but it’s really every country for itself

The United States and China are attempting to negotiate what would be the first cyber arms-control agreement to ban peacetime attacks on critical infrastructure. The talks reflect the commitment that Washington and Beijing made at the conclusion of Chinese President Xi Jinping’s recent U.S. visit to “identify and promote appropriate norms of state behavior in cyberspace.” The first ministerial-level meeting on cybersecurity is due to take place before the end of this year.

Arms Control in Cyberspace?

U.S. policymakers have compared the challenge of managing threats in the cyber domain to that of controlling nuclear weapons during the Cold War. The United States and China are currently negotiating what would be the first cyber arms control agreement to ban attacks on each other’s critical infrastructure in peacetime. The Obama administration believes such an agreement could lead to a broader “international framework” of norms, treaties, and institutions to govern cyberspace.