US Senator Calls For New Cyber Doctrine

US Sen. Mark Warner (pictured) has called for a new US cyber doctrine designed to combat modern threats from hackers and disinformation campaigns. Warner serves as vice chair of the Senate Intelligence Committe.

Government, tech companies, social media platforms and other stakeholders must collaborate on a "whole of society effort" to counter malicious campaigns from China, Russia and other countries, which have developed military strategies around shaping information in the digital space. 

"Despite a flurry of strategy documents from the White House and DOD, the federal government is still not sufficiently organised or resourced to tackle this hybrid threat," said Warner.

Warner criticised President Donald Trump to task for not using his office to mobilise a broader response, and for eliminating important government positions, like the White House and State Department cyber coordinator posts. 

Warner said the US must be at the forefront of shaping international norms that govern nation state behavior in cyberspace and set the table for acceptable use of offensive operations.

Warner called for a comprehensive and coordinated strategy to counter foreign-directed mis-information operations, particularly on social media. 

He called out Facebook, Twitter, Reddit, Google-owned YouTube and Tumblr as companies who "aren't doing nearly enough to prevent their platforms from becoming petri dishes for disinformation and propaganda." 

Warner said these companies must improve the way they detect and minimise propaganda on their platforms, alert users when they're interacting with bots and improve transparency around data collection procedures and warned that regulation could be in the offing. 

"At some point if they don't work with us, Congress will have to act on its own," said Warner. "One thing is clear: The Wild West days of social media are coming to an end."

Renee DiResta, a disinformation researcher, refers to this status quo in a November 2018 research paper as one of "continuous partial conflict" between nations that falls somewhere between a cold war and a hot one. 

DiResta argues that only social media platforms are positioned to regulate the problem in the short term, and only if they recognise their own responsibility. 

Many US government agencies are legally and politically constrained from policing disinformation without running afoul of Constitution limits, since it is often difficult to tease out from many campaigns where foreign influence ends and domestic free speech begins.

Robert Taylor, former Principal Deputy General Counsel and Acting General Counsel for the Department of Defense under the Obama administration, told FCW that the Trump administration's cyber strategy lacked a meaningful component around combatting misinformation that outlines responsibility for the private sector while balancing relevant constitutional concerns around free speech and free enterprise. 

However, he disagreed with Warner's suggestion that establishing norms in cyberspace should precede the use of offensive cyber tools, arguing that a willingness to conduct such operations is an essential component of current deterrence strategies. 

"Offensive cyber capabilities and the ability to act outside our own networks to disable offensive capabilities directed at our networks, and the willingness to deploy such capabilities when necessary, are critical to a meaningful deterrence," said Taylor.

FCW:

You Might Also Read:

White House To Step Up Cyber Counter-Offensive

UN Chief Urges Global Rules For Cyber Warfare

« Three Ways Facebook Could Clean Up Its Act
IoT Cybercrime Hotspot In Canada »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Academic Centres of Excellence in Cyber Security Research

Academic Centres of Excellence in Cyber Security Research

The ACE-CSRs scheme is part of the UK Government’s National Cyber Security Strategy, working with academia and industry to make the UK more resilient to cyber attacks.

Neoteric Networks

Neoteric Networks

We deliver a no nonsense procedure to implementing technology. The technology selection process ensures that all customers enjoy an engineered methodology implementing technology.

Centurion Information Security

Centurion Information Security

Centurion Information Security is a consulting firm based in Singapore that specialises in penetration testing and security assessment services.

Bunifu Technologies

Bunifu Technologies

Bunifu Technologies is an Information Security and Custom Software Development Company.

Agesic

Agesic

Agesic is an institution that leads the development of the Digital Government and the Information and Knowledge Society in Uruguay.

Clavis Information Security

Clavis Information Security

Clavis is an Information Security company offering a complete portfolio of solutions from Pentesting and Security Assessments to Managed Security Services and Training.

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling and Data Destruction protect the environment and your data with proven and trusted electronics recycling and data destruction services.

Vector Informatik

Vector Informatik

Vector Informatik is a specialist in automotove electronics and provides services, embedded software and tools for securing embedded systems against cyber-attacks.

Aujus Cybersecurity

Aujus Cybersecurity

Aujas is a pure-play cyber security services company with deep expertise in Identity and Access Management, Managed Security and Security Testing services.

DMARC360

DMARC360

DMARC360 analyzes your email traffic patterns and sources, rapidly deploys email authentication protocols and monitors your email domains with automated recommendations and incident response.

Russell Reynolds Associates

Russell Reynolds Associates

Russell Reynolds Associates is a global leadership advisory and search firm with functional expertise in Digital Leadership, Data & Analytics, and Compliance.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

Getronics

Getronics

Getronics guides customers through their own transformation journeys, leveraging an integrated and secure-by-design IT portfolio.

Suffescom Solutions

Suffescom Solutions

Suffescom Solutions is a leading blockchain development company, assisting businesses in harnessing the true potential of blockchain technology.

Certera

Certera

Certera is a modern and affordable SSL Certificate, Code Signing Certificate, and Cyber Security Services provider.

Panoptic Cyber

Panoptic Cyber

Panoptic Cyber are a team of elite Armed Forces Veterans who hold a wealth of experience in Information Security, Cyber Security, Data Protection and Risk Management.