The U.S. must “stop playing defense and go on offense” online in order to avoid a “cyber Pearl Harbor,” according to the newly released Republican Party platform.
“Despite their promises to the contrary, Russia and China see cyber operations as a part of a warfare strategy during peacetime,” the platform states, adding, “We will … make clear that users have a self-defense right to deal with hackers as they see fit.”
Security and policy experts, however, have serious reservations about the platform which was authored by Republican lawmakers and party faithful alike, and released in tandem with the GOP Convention kick-off on Monday night.
One scholar fretted that Republicans would end up “destroy[ing] the internet in order to save it.”
“There is a distinct lack of clarity about rules of the road for peacetime, and the norms and laws that do and will govern offensive cyber operations in peacetime [are] still highly malleable,” explained Robert Morgus, a policy analyst with D.C.-based think tank New America.
“This means that operations conducted by the U.S. and others are highly influential in shaping those rules, and pushing the red line too far — while useful for short-term strategic goals like disrupting the Iranian nuclear program — may prove detrimental to global stability in the long run,” he added.
The platform’s ambiguous call to action, noted Morgus, offers no details about what it defines as going on cyber offense — “it’s important to draw a line between offensive cyber operations conducted for espionage or intelligence gathering purposes and offensive computer network operations,” he said.
Espionage, Morgus said, is an expected reality for nation-states but offensive computer network operations — like the Stuxnet cyberweapon which crippled Iran’s nuclear program — could easily cross the threshold into “armed attack.” In international law, nations are permitted to respond militarily to an armed attack.
Moreover, observed former NSA IT architect Will Ackerly, the platform would give other nations political cover for launching cyberwar operations.
“The way that this section of the Republican platform is written sounds as though it’s rationalizing the use of force following a cyber-attack by way of defending the country. To that end, any offensive practice would give everyone else in the room the latitude to justify their offensive actions based on the United States’ rhetoric,” explained Ackerly, who left the NSA to become co-founder and CTO of cyber start-up Virtru.
“It is tempting for the United States, with its advanced offensive cyber capabilities, to think the best defense is a good offense, but this is not true when it comes to our most likely adversaries,” said Brown University Academic Director for Law and Policy Tim Edgar.
“Offensive cyber operations carry a host of risks and unintended consequences for the security and stability of the internet. The United States is uniquely vulnerable to these risks. Offensive operations should be tightly controlled,” Edgar told FedScoop.
“We don’t want to destroy the internet in order to save it.”
Among other cybersecurity-related topics addressed, the party platform specifically advocates for stronger energy infrastructure security, the birth of a global free market in cyber insurance and for Congress’ to lead efforts to create an encryption “solution.”
The party platform is drawn up by the RNC Arrangements Committee whose leadership is appointed by RNC Chairman Reince Priebus. The committee is comprised by roughly 150 elected officials and prominent party allies who also helped organize other aspects of this year’s convention. The platform is not binding on the president or his appointees.
It remains unclear if committee members relied on outside, private-sector help to craft the cybersecurity section. An RNC spokesperson did not respond to FedScoop’s inquiry.
Chairman of the House Committee on Homeland Security, Rep. Michael McCaul, R-Texas, who was a keynote speaker at the convention Monday night, provided the following statement to FedScoop when asked about the platform.
“I believe that a confident America must protect the homeland and the American people as we live in a dangerous world,” McCaul wrote.
“While I was not a Member of the Platform Committee, I did work hand-in-hand with leadership in the House to come up with A Better Way for America … a package of policy priorities framing distinct differences between the two parties regarding important issues of national security — including Cybersecurity,” the statement reads.
The 23-page “A Better Way” policy framework — originally pushed forward by House Speaker Paul Ryan’s office — details the House Republican national security platform.
McCaul said during a Council on Foreign Relations event following its launch, that he hoped Trump “would read, and take attention to,” the document.
“A Better Way” is absent of recommendations concerning offensive cyber operations. Instead, it promotes broad efforts like federal IT modernization and for U.S. network security to be treated as a central element of national security.
To contact the reporter on this story: send an email via firstname.lastname@example.org or follow him on Twitter at @Bing_Chris. Subscribe to CyberScoop to get all the cybersecurity news you need in your inbox every day at CyberScoop.com.