Cyber-threats and the Limits of Bureaucratic Control

For over half a decade, the author has been writing about how and why the institutions modern nation-states rely on to fend off the threats––war, crime, and terrorism––that can erode their ability to maintain order and compromise their viability as sovereign entities become ineffective when the threats migrate into cyberspace. In a succession of law review articles and books, the author refined her analysis of the essentially unprecedented challenges cybercrime, cyberterrorism and cyberwarfare pose for law enforcement and the military. The goal of this article is to go beyond critiquing the efficacy of the current threat-control structures and outline an alternative approach. The current approach, which appropriately focuses on remediating specific factors that contribute to the inefficacy with which current United States threat-control structures confront cyber-threats, is inadequate because it seeks to “update” systems that were developed to control threats that were simpler and more parochial than the ones we confront now. The author does not believe existing threat-control structures can be modified in ways that will make them effective against the twenty-first century threats many countries already confront, and most, if not all, will eventually confront. Like others, the author believes we need a new threat-control strategy: one that replaces the rigid, hierarchical structures on which we currently rely, with systems that mirror the lateral, networked structures that prosper in cyberspace. This article outlines how such a strategy could be structured and implemented

Understanding the Workforce Needs of New Jersey's Public Health and Other Disaster Management Employers

This report explores the priority workforce needs of New Jersey's public disaster management system. An advisory group of disaster management-related employers from law enforcement and state and local public health systems and educational institutions was convened in the spring of 2006 to identify priority workforce skill needs. Researchers also conducted interviews with state officials, domestic security, public health, and disaster planning experts, as well as reviews of labor market information, state and national websites, and industry and scholarly literature

Social Aspects of New Technologies - the CCTV and Biometric (Framing Privacy and Data Protection) in the Case of Poland

The purpose of this paper is to review the institution responsible for the protection of personal data within the European Union and national example - Polish as a country representing the new Member States. The analysis of institutional system - providing legal security of communication and information institutions, companies and citizens against the dangers arising from the ongoing development of innovative new technologies in the European Union and Poland. This article is an attempt to analyze the possibility of using security systems and Biometry CTTV in Poland in terms of legislation. The results of the analysis indicate that, in terms of institutions Poland did not do badly in relation to the risks arising from the implementation of technology. The situation is not as good when it comes to the awareness of citizens and small businesses. This requires that facilitate greater access to free security software companies from data leakage or uncontrolled cyber-terrorist attacks. With regard to the use of security systems, CCTV and biometrics, Poland in legal terms is still early in the process of adapting to EU Directive. The continuous development of technology should force the legislature to establish clear standards and regulations for the application of CCTV technology and biometrics, as it is of great importance in ensuring the fundamental rights and freedoms of every citizen of the Polish Republic.Wyniki analizy wskazują, że pod względem instytucji Polska nie wypada źle w odniesieniu do zagrożeń wynikających z wdrożenia technologii. Sytuacja nie jest tak dobra, jeśli chodzi o świadomość obywateli i mniejszych firm. Wymaga to ułatwiania szerszego dostępu do darmowych programów zabezpieczających firmy przed wyciekiem danych lub niekontrolowanych cyber-ataków terrorystycznych. W odniesieniu do stosowania systemów zabezpieczeń CCTV oraz biometrii, Polska pod względem prawnym jest wciąż na początku procesu dostosowania do dyrektywy UE. Ciągły rozwój technologii powinien zmusić ustawodawcę do stworzenia jednoznacznych standardów i przepisów obowiązujących w zakresie stosowania technologii CCTV oraz biometrii, gdyż ma to ogromne znaczenie w zapewnieniu podstawowych praw i wolności każdego obywatela Rzeczypospolitej Polskiej

The United States’ and United Kingdom’s Responses to 2016 Russian Election Interference: Through the Lens of Bureaucratic Politics

Russia’s 2016 disinformation campaign during the U.S. elections represented the first large-scale campaign against the United States and was intended to cause American citizens to question the fundamental security and resilience of U.S. democracy. A similar campaign during the 2016 U.K. Brexit referendum supported the campaign to leave the European Union. This paper assesses the policy formation process in the United States and United Kingdom in response to 2016 Russian disinformation using a bureaucratic politics framework. Focusing on the role of sub-state organizations in policy formation, the paper identifies challenges to establishing an effective policy response to foreign disinformation, particularly in the emergence of leadership and bargaining, and the impact of centralization of power in the U.K. Discussion of the shift in foreign policy context since the end of the Cold War, which provided a greater level of foreign policy consensus, as well as specific challenges presented by the cyber deterrence context, supplements insights from bureaucratic politics. Despite different governmental structures, both countries struggled to achieve collaborative and systematic policy processes; analysis reveals the lack of leadership and coordination in the United States and both the lack of compromise and effective fulfillment of responsibilities in the United Kingdom. Particular challenges of democracies responding to exercises of sharp power by authoritarian governments point to the need for a wholistic response from public and private entities and better definition of intelligence agencies’ responsibility to election security in the U.K

Cybersecurity, bureaucratic vitalism and European emergency

Securing the internet has arguably become paradigmatic for modern security practice, not only because modern life is considered to be impossible or valueless if disconnected, but also because emergent cyber-relations and their complex interconnections are refashioning traditional security logics. This paper analyses European modes of governing geared toward securing vital, emergent cyber-systems in the face of the interconnected emergency. It develops the concept of ‘bureaucratic vitalism’ to get at the tension between the hierarchical organization and reductive knowledge frames of security apparatuses on the one hand, and the increasing desire for building ‘resilient’, dispersed, and flexible security assemblages on the other. The bureaucratic/vital juxtaposition seeks to capture the way in which cybersecurity governance takes emergent, complex systems as object and model without fully replicating this ideal in practice. Thus, we are concerned with the question of what happens when security apparatuses appropriate and translate vitalist concepts into practice. Our case renders visible the banal bureaucratic manoeuvres that seek to operate upon security emergencies by fostering connectivities, producing agencies, and staging exercises

Asymmetric Threats: Analyzing the Future of Nuclear Terrorism & Cyber Attacks; The Value of Deterrence Theory for Addressing the Challenges of Nuclear Terrorism in the age of 21st Century Cybersecurity

Given the rapid development and ease of access to technology, the threat of extremist organizations utilizing cyberspace as a means to target critical American strategic infrastructure is of increasing concern. The risk posed by the acquisition of fissile material, sabotage, or use of a nuclear device by an extremist organization has been exasperated due to technological development outpacing strategy. Despite policy-makers’ attempts to protect the public from cyber-attacks and nuclear terrorism, the federal policies in place have failed to account for the continual evolution of technology and the gaps in security that this advancement brings. Through examining documents from congressional and bureaucratic agencies using content analysis, this study examines whether or not policymakers, congressional or bureaucratic, use deterrence theory when they make policy, suggestions, rules, and guidelines. This thesis asks how U.S. policy regarding nuclear terrorism has changed given a rise in cyberthreats? This thesis also asks a second question: Which federal agency is most capable of dealing with cyberthreats concerning nuclear terrorism? The findings of this research concluded that as cyberthreats continued to develop, policymakers using deterrence theory shifted to using previous waves of deterrence theory, primarily dealing with rivalry and competitive threats. In addition, this research finds that intelligence agencies are the most capable federal agencies in proving guidelines and informing future policymakers

U.S. AND PRC STRATEGIC COMPETITION: CYBER AND RISK AVERSION

The People’s Republic of China (PRC) altered its calculations from the aftermath of the 1990 Persian Gulf war and placed emphasis on the importance of technology and information. The PRC created the Strategic Support Force (SSF), which became operational in 2015, and includes space, cyber, and electronic warfare capabilities under one command. Meanwhile, the U.S. has wrapped itself in structural and cultural limitations, which hinder operational tempo. This thesis examined how the Department of Defense can adjust its positions on Cyber Titles, authorities, permissions, and risk aversion in leadership to maintain a competitive edge against the threat of the PRC’s SSF in the cyber domain. This thesis used system dynamics to model the economies of both the U.S. and the PRC into cyber capabilities, which resulted in an understanding that allocating additional money alone will not solve the core issue. Understanding the limitations of cultural biases, and using decision-making tools such as prospect theory, leaders can make more effective decisions. Through proper education of staff officers about cyber capabilities and their effects, integration of cyber operations at combat training centers, and pushing permissions and rules of engagements down to Task Force Commanders, the U.S. can overcome the structural and cultural obstacles.Major, United States ArmyMajor, United States Marine CorpsApproved for public release. Distribution is unlimited