An overflowing plate of urgently needed new policies to act upon will be waiting on President Donald J. Trump’s desk when he takes office on January 20, 2017. Few are as pressing as the need to lead a new national effort for strengthening our cyber-infrastructure resilience and toughening timing and location infrastructure.
President-elect Trump must make this a national priority and issue his new policy now. He should appoint a central authority that would report directly to him. It should direct, oversee and unite all U.S. efforts to develop, build and use new resilient capabilities and devices that would recognize the dependency of the cyber-infrastructure on accurate timing and location data delivered by the GPS. The Obama Administration’s mostly failed efforts focused on cyber, but paid little if any attention to timing and location services that are necessary for undisrupted cyber-activity.
We must now ensure that policies and definitions of cyber include timing and location services such as GPS. Such definition would help to coordinate the efforts to increase resiliency capabilities that could mitigate harmful effects to our cyber-infrastructure, and the ability to respond to them.
The Trump cyberspace security policy should look beyond just “space-based” assets and GPS. It should be looking at the larger cyber-infrastructure. It should be responsible for developing more resilient devices with access to multiple alternative sources for our nation’s cyber-infrastructure, which is dependent on GPS (Global Positioning System) for precise time and location-based services.
The growing dependency on wireless technology and services and lack of adequate security have led to an escalation in cyber-attacks. Substantial segments of the U.S. economy have already been harmed. State- sponsored hackers, as well as lone actors, were able to steal millions of documents detailing the country’s most critical national security and business secrets. Others have stolen untold amounts of money and disrupted out financial markets activities.
It seems that the rapid pace at which cyber-related architectures and wireless technologies are evolving have apparently presented an insurmountable barrier to most of our technologically challenged policymakers. During his two terms President Obama issued some executive orders on critical infrastructure and cyber-security.m But lacking direction, the executive branch, and its agencies have failed to secure the nation’s cyber-infrastructure. The czars and advisors he appointed to oversee different elements of cyber-security failed because of lack of leadership to coordinate the efforts. Thus the nation’s cyberspace security became increasingly vulnerable.
Only after Wikileaks began releasing the email correspondence between Hillary Clinton and her supporters, which were conducted on her private non-secure server, did Obama issue Presidential Policy Directive 41. Called the United States Cyber Incident Coordination, the directive put the FBI in charge of responding to all cyber-threats. This was necessary, said his homeland security adviser, Lisa Monaco, “because it’s not always clear whether those responsible for a hacking incident are other countries, terrorists or criminals.” The new directive identified the responsible federal agencies, to “help answer a question heard too often from corporations and citizens alike: In the wake of an attack, who do I call for help?” Ms. Monaco noted that “other agencies will also have significant roles in helping to prevent and mitigate the effect of cyber-intrusions.” These include the Department of Homeland Security and the Cyber Threat Intelligence Integration Center. But this will do little to undo the huge damage that was already done to the U.S. economy, military, and its national security.
A cyber-attack or worse, activating an electromagnetic weapon (EMP), by exploding a nuclear device in the atmosphere above parts of the U.S., as former House Speaker Newt Gingrich described, “would totally devastate our entire electrical grid and cyber-communication networks and disable our critical infrastructure. Such an event would destroy our complex, delicate, high-tech society in an instant and throw all of our lives back to an existence equal to that of the Middle Ages. Millions would die in the first week one.” This very real threat of an EMP attack on the U.S. has been debated in Congress, discussed in the media and featured in film. Yet, the Obama Administration failed to prepare adequate measures to mitigate the threat.
To better protect our economy, society, and government, we must immediately expand the current policies into a broader “position, navigation and timing” policy with a central authority and holistic approach for:
(1) overseeing, managing, and prioritizing U.S. efforts, (2) centralizing all research and development of location services, and timing solutions and technology, (3) gathering, maintaining, and adapting, in near real-time, civil user-defined requirements, (4) clearly delineating between government and private sector capabilities and responsibilities for provisioning, (5) clearly placing all forms of harmful interference, data manipulation, equipment vulnerabilities, and capability disruption(s) into the cyber-response planning framework, and (6) leveraging cyber-reporting to include GPS and other forms interference and disruptions.