This document describes the Vulnerabilities Equities Policy and Process for departments and agencies of the United States Government (USG) to balance equities and make determinations regarding disclosure or restriction when the USG obtains knowledge of newly discovered and not publicly known vulnerabilities in information systems and technologies. The primary focus of this policy is to prioritize the public’s interest in cybersecurity and to protect core Internet infrastructure, information systems, critical infrastructure systems, and the U.S. economy through the disclosure of vulnerabilities discovered by the USG, absent a demonstrable, overriding interest in the use of the vulnerability for lawful intelligence, law enforcement, or national security purposes.
The Department of Defense (DOD) has published the (Final) Environmental Impact Statement (EIS) for the proposed implementation of campus development initiatives and the construction of associated facilities for the National Security Agency (NSA) complex at Fort George G. Meade (Fort Meade), Maryland, dated September, 2010. The National Security Agency/Central Security Service (NSA/CSS) is a cryptologic intelligence agency administered as part of the DOD. It is responsible for the collection and analysis of foreign communications and foreign signals intelligence. For NSA/CSS to continue to lead the Intelligence Community into the next 50 years with state-of-the-art technologies and productivity, its mission elements will require new facilities and infrastructure.
Like Damocles’ sword, this global interconnectivity both strengthens us and moderates us at the same time. We are strengthened because we are better connected to others than ever before and thus capable of spreading the seeds of liberty and opportunity to populations that yearn for it and where the lack of it is still being justified. We are moderated by this interconnectivity because others can more easily exploit the seams and turn our freedoms against us to infect with vitriolic propaganda that violently radicalizes populations across this interconnected web. It is the matter of moderation of our strength that brought together the remarkable group of thinkers whose words are reflected within this report. We are concerned here with the problem of deterring violent non-state actors from doing harm to our nation and to our allies. The questions of extending freedom through access while mitigating the misuse of that freedom to harm us were the dominant questions we took up in this workshop.
This plan outlines the Chief of Naval Operations’ (CNO) Strategic Studies Group (SSG) XXVIFs approach to addressing the challenges of operating at the convergence of Sea Power and Cyber Power as presented in the CNO’s Theme. In addition to providing a framework for the approach, this plan presents SSG XXVIFs initial overarching concept and Concept Team (CT) areas of focus.
In July 2010, the NSA revealed that it was expanding into a 227-acre parcel of land at Fort Meade called “Site M”, constructing a series of buildings that could cost as much as $5.2 billion. This expansion would displace two golf courses currently occupying the land and provide the NSA, which already occupies 630 acres at Fort Meade, with more space to build “an operational complex and to construct and operate consolidated facilities to meet the National Security Agency’s (NSA) continually evolving requirements and for Intelligence Community use”. The project has been shrouded in secrecy throughout its existence and there are only a few references to “Site M” in DoD budget planning documents. However, a recently discovered collection of development planning documents for the Site M project provide detailed information about the proposed $3.2 billion expansion, indicating that the facility will be a centralized command center for the NSA’s evolving cyberwarfare capabilities.
Cyber Warfare is warfare in the Cyberspace domain, which is defined by the SECDEF as “a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the internet, telecommunications networks, computer systems and embedded processors and controllers.” Cyber Warfare encompasses Computer Network Operations (e.g. Attack, Defend and Exploit,) Information Assurance, and the network operations that encompass Command, Control, Communications, Intelligence, Surveillance and Reconnaissance (C4ISR) and Information Operations (IO) functions that occur within the Cyberspace domain. This includes Computer Network Operations (CNO) against automated systems (e.g. C4ISR), and the interaction between the physical, social and biological networks that define human-machine interaction.
This paper presents a comprehensive open source assessment of China’s capability to conduct computer network operations (CNO) both during peacetime and periods of conflict. The result will hopefully serve as useful reference to policymakers, China specialists, and information operations professionals.
▼Never before has it been possible for one person to potentially affect an entire Nation‟s security.
▼In 1999 (10 years ago), two Chinese Colonels published a book called “Unrestricted Warfare” that advocated “not fighting” the U.S. directly, but “understanding and employing the principle of asymmetry correctly to allow us [the Chinese] always to find and exploit an enemy’s soft spots.”
▼The idea that a less-capable foe can take on a militarily superior opponent also aligns with the views of the ancient Chinese general, Sun Tzu. In his book “The Art of War,” the strategist advocates stealth, deceptionand indirect attackto overcome a stronger opponent in battle.