Leningrad, of course, is now known as St. Petersburg, a city that is a major center of cyber crime. Lewis adds that the U.S. is accelerating its shift away from Bush-era unilateralism. “For a long time the U.S. focused on unilateral action and no engagement and cooperation, and we appear to have realized that doesn’t work in a global network.”
Last month, a leading Russian cyber official, Vladimir Sherstyuk, who directs the Institute of Information Security Issues at Moscow State University and sits on the nation’s National Security Council, told Technology Review that Russia was willing to work with the United States. Efforts to reach Sherstyuk this week were unsuccessful.
Alexander also outlined the extreme difficulty of gaining “situational awareness” in cyberspace, especially with regard to espionage. “There are many takeaways [from Alexander’s talk] but a major one is that they have insufficient ability to understand what is transpiring on networks quickly,” said John Mallery, a researcher at MIT’s Computer Science and Artificial Intelligence Lab. “Advanced cyber threats, like those posed by the Russians or Chinese, are hard to detect. Their exploits are professional and supported by large skilled intelligence bureaucracies.” Defending against such threats may require more access to private networks to detect subtle and sophisticated attack patterns, he added.
Deibert says one major question now is how to preserve privacy amid such efforts. “The key questions, as always, will concern the substance of those negotiations: will we see a charter for global cyberspace that protects and preserves this domain as an open, global commons of information? Or will we see the further imposition of digital controls, nationalized communications spaces, and widespread surveillance?”
In April, Alexander reassured Congress that he would work to protect civil liberties even as he sought to gain a clearer picture of cyberspace. Elaborating, on June 3, he explained that the new command will operate under the same umbrella as the NSA, meaning it would consult with Congress, the Department of Justice, and would seek approval from the Foreign Intelligence Surveillance Court–which oversees surveillance on foreign agents inside the United States–to ensure the constitutionality of its actions.
In terms of waging actual cyber warfare, Alexander also said the new command is reviewing how it will handle different situations–such as a direct attack on the United States, one passing through a third country, or a case of espionage that resembles an attack. In general, Alexander said, he is reviewing the complex nuances of the rules of engagement. “Do those comport with the laws, the responsibilities that we have? Can we clearly articulate those so that people know and expect what will happen? And I think we have to look at it in two different venues, what we’re doing here in peacetime and what we need to do in wartime to support those units that are in combat,” he explained.