Print
Topic: Technology
Type: Articles
Rate this article
(no votes)
 (0 votes)
Share this article
Matthew Crosston

Inaugural Director of the Institute for National Security and Military Studies, Professor of Political Science, Austin Peay State University (TN, USA)

On April 1, 2015 President Barack Obama issued an executive order enabling the United States to “block the property of certain persons engaging in significant malicious cyber-enabled activities.” The President himself grandly declared the maneuver as “giving notice” to those who seek to damage or harm the national security, economy, or critical infrastructure of the United States.

On April 1, 2015 President Barack Obama issued an executive order enabling the United States to “block the property of certain persons engaging in significant malicious cyber-enabled activities.” The President himself grandly declared the maneuver as “giving notice” to those who seek to damage or harm the national security, economy, or critical infrastructure of the United States.

He further defined this as disrupting or hijacking American networks, stealing trade secrets of American companies, or the personal information of private citizens. This is basically supporting the beliefs of the National Security Council, which has long-believed in the “profit-orientation” of most of the malicious cyber activity taking place around the globe, so freezing assets are hoped to be a significant thorn in the sides of hackers that really matters. While there is no denying the growing importance of combating cyber-crime and admitting the intimate and increasing connection that exists between criminal activity and national security, there are some basic immutable aspects to the cyber realm and curious ambiguities in the Executive Order itself that should raise diplomatic eyebrows the world over.

Immutable and Problematic Aspects to the Cyber Realm / Clarity Issues With The Executive Order

Attribution and Legal Recourse

This is supporting the beliefs of the National Security Council, which has long-believed in the “profit-orientation” of most of the malicious cyber activity taking place around the globe

This problem has always existed and has been the longest-standing obstacle in achieving significant progress in terms of “cyber punishment.” Since any cyber activity produced with sinister intent is routed through so many secret channels, side avenues, and rabbit holes (not doing so only proves the amateur status of the perpetrator and thus it doesn’t meet in my opinion the Executive Order threshold of being a “significant” cyber actor), being able to conclusively “prove” the originator of malicious cyber activity is problematic. In today’s world we find out more about who did what by listening to internet chatter-bragging that takes place after a major incident. If no such chatter exists, then the United States tends to simply connect dots in a circumstantial way. But circumstantial evidence is often not “beyond a reasonable doubt.” Since this Order is aimed at economically sanctioning and hindering real assets of real persons, it is safe to assume such persons would have the full extent of the American legal system to combat such action. In such a case it seems reasonable the United States would then be obligated to prove in court the wisdom of its decision. Attribution problems, therefore, are not just innate to the cyber domain, they clearly will also give so-called malicious actors ample legal opportunity to defeat the Order in court.

Civil/Governmental Ambiguity

The problem might not be the absence of likely targets to freeze assets after major cyber incidents, but rather too many likely targetse.

Accepting as a given that malicious cyber actors actually do exist and do aim to hinder and harm the national security of many states around the world, not just the U.S., there is still the vexing problem of how those malicious actors tend to execute their cyber goals: by purposely fusing and obfuscating civil and governmental networks so that establishing a final single perpetrator path can often be impossible. In this manner the Executive Order is approaching the reality of cyber dangers in an overly simplistic and almost idealized manner. Real enemies in the cyber domain do not leave a neatly organized trail of virtual breadcrumbs for the United States Intelligence Community to chase down in an orderly fashion. Given the additional problem of attribution mentioned above, this means the problem might not be the absence of likely targets to freeze assets after major cyber incidents, but rather too many likely targets. Until the U.S. government has the tools to unpack and separate out the thousands of threads used by cyber actors to entangle their activities, the civil/governmental ambiguity problem could ostensibly make the Executive Order sit on the shelf and collect dust, unused.

What is a “Malicious Cyber-enabled Activity” in Real Terms?

REUTERS/Jonathan Ernst/Pixistream
Julien Nocetti:
Obama: Silicon Valley rather than Putin

Governmental decrees, especially Executive Orders from the President, tend to have a matter-of-fact conciseness that betrays a disturbing lack of detail and clarity. While the White House and National Security Council both say this Order will be used carefully and judiciously, the conceptualization of malicious activity within the Order itself is incredibly broad and ill-defined. In essence, the Order declares any political, economic, or societal danger coming from the cyber realm as potentially malicious. American society should be at least a little concerned when the White House seems to be defining malicious cyber activity in the exact same way the U.S Supreme Court defined pornography in the 1970s: We will know it when we see it. That only works when the people have complete trust and faith in the talent, wisdom, and rationality of the representative government. In 2015, there really aren’t any such peoples on earth, including the American people. The White House’s own blog confirms this worry when it answers the question as to who will be targeted by the Order with “the worst of the worst.”[1] With language like that one cannot help but wonder if the White House thinks malicious cyber actors hunch together in local cyber cafes, wearing black trench coats while stroking their handlebar mustaches as they openly declare their master plan to virtually enslave the world.

Attempting to address the real dangers that exist to national security in the cyber domain is a necessary thing. But addressing it in ways that do not take into account fundamental axioms of the domain itself, with language and mission goals that seem poorly conceived and legally compromised, likely means this Executive Order will amount to what many other Executive Orders ultimately become: holding a tiny cocktail umbrella against an oncoming cyber typhoon.

[1] Please see, https://www.whitehouse.gov/blog/2015/04/01/our-latest-tool-combat-cyber-attacks-what-you-need-know


Rate this article
(no votes)
 (0 votes)
Share this article

Poll conducted

  1. In your opinion, what are the US long-term goals for Russia?
    U.S. wants to establish partnership relations with Russia on condition that it meets the U.S. requirements  
     33 (31%)
    U.S. wants to deter Russia’s military and political activity  
     30 (28%)
    U.S. wants to dissolve Russia  
     24 (22%)
    U.S. wants to establish alliance relations with Russia under the US conditions to rival China  
     21 (19%)
For business
For researchers
For students