LEGAL NEWS PHOTOS ABOVE AND BELOW BY JOHN MEIU
Dr. Sheila R. Ronis of the Project on National Security Reform
by Cynthia Price
Cyberstalking, disinformation campaigns, product and sales fraud, interception of telecommunications, phishing, spamming, theft of Intellectual Property and proprietary information, piracy of arts and music, pornography dissemination, cyberterrorism, disruptive hacking that falls short of terrorist activity, identity theft, spamming,
illegal financial transfers in order to steal from others, national security infringements, cyberextortion, drug trafficking ... the list of illegal activities facilitated by the Internet is as varied as the imagination of the criminal, or rogue political, mind.
Dr. Sheila Ronis, physicist, author, professor, and systems thinker who spoke about “The Cyber Frontier: Cyberspace Confronts Cybercrime” for the World Affairs Council of Western Michigan on Feb. 13 and 14, did not offer such a list. But the wide variety of such threats is one part of what makes the cyberworld a complex system, which, Dr. Ronis emphasized, requires a predominantly new and untested problem-solving approach.
On Tuesday morning, Ronis told about a dozen people in person and several dozen more over a webcast about issues deriving from her work on the Project on National Security Reform. Congress charged Project personnel with preparing a replacement for the outdated National Security Act of 1947, and Dr. Ronis heads its Vision Working Group.
The morning session at the Fifth Third Bank Building was a repeat of one held the evening before at Aquinas College. Thomas M. Cooley Law School sponsored both sessions.
For more information on other thought-provoking programming the World Affairs Council has in store, visit http://worldmi.org/.
Ronis works for Walsh College in Detroit, and is also President of The University Group, Inc., a management consulting firm and think tank. She was recently a Fulbright Specialist in Singapore exploring that nation’s security risk management procedures. She also works with the United States President on Executive Branch policy regarding national security, and in 2007 published the book Timelines into the Future: Strategic Visioning Methods for Government, Industry and Other Organizations.
The bottom line about cybersecurity? Ronis feels that almost no one is able to grapple with the problem at a level sufficient to overcome disciplinary and geopolitical boundaries. And she emphasizes that that is a mistake, one that must be remedied soon if we are to avoid some extremely negative consequences.
Some of those consequences are financial: an analyst at Symantec, according to Ronis, estimated that in just one year there was a cost of $388 billion, with over 430 million victims subject to some variation of malware. Some are human costs, as syndicated and individual criminal activity in such areas as drug sales and child pornography increase.
Others involve national security. Ronis said, “Cyberterrorism and the overdependence of our military on both intelligence and on deep space assets not well protected are real threats.” She pointed out that even some of the identity and Intellectual Property theft is “state-sponsored” by foreign governments, representing an additional, though subtle, national security danger.
In eloquent terms, Ronis told the audience in what ways cybercrime is a complex system. This means, among other things, that it is composed of multiple parts, and their interaction results in exhibiting different characteristics than any one of those parts.
“Changes in how we communicate have resulted in a world that’s increasingly interconnected and interdependent. The potential for global capital market collapses, global disease, cyber attacks and other threats have added complexity. This means we must live with systems that are volatile, uncertain, complex and ambiguous (VUCA).”
The cybercriminal world is subject to all the principles that govern complex systems. One example is relative unpredictability and an ever-changing nature. No sooner is a solution found to one aspect of cybercrime than dozens of other aspects emerge.
Ronis stressed another principle: “Complex systems cannot be controlled, only influenced.”
Ronis briefly offered some recommendations and observations, based on her broad experience in cybersecurity. One is that individual countries must recognize that the threat is dire enough to warrant setting aside national interests and decide to work together at the “grand strategy” level. Businesses and corporations must also come to appreciate how serious the problem is, and work with employees and suppliers on commonsense practices.
As a nation, we must concentrate not only on increasing encryption security, which to some degree is a dead end based on the nature of complex systems to “get around” barriers, but also developing diplomatic responses. This involves exploring why cybercrime takes place, and the goals of those who engage in it. She referred to The Art of War’s admonition that we must “understand our enemy.”
Holding countries such as China to observing the rule of law is one diplomatic response. Ronis acknowledged that Michigan Senator Debbie Stabenow has been at the forefront of insisting that, as a pertinent example, China abide by the regulations it agreed to when it became a member of the World Trade Organization.
Stabenow has introduced legislation, the American Competitiveness Plan, that would “create a trade enforcement unit to crack down on countries who violate trade laws to gain an anti-competitive advantage over our businesses and workers,” including stronger penalties “for foreign companies who steal American technology and intellectual property.”
Commented Ronis, “I hesitate to use cyber warfare as a term, but when you realize how much of the state-sponsored activity comes from China and to a small degree from places like Russia, you see that people who have traditionally been our enemies, specifically the Chinese, have been incredibly sophisticated and systematic about getting what they want.”
Finally, and most important, we must commit the effort and resources to high-level planning. She decried the lack of successful efforts to develop a responsive or proactive plan. In response to an audience question she said she did not feel the United Nations, nor any other entity so far, has the capacity to spearhead that planning.
She said she regarded the Obama Administration’s Blueprint for a Secure Cyber Future, out of the Department of Homeland Security, as a good start. However, both because the process failed to include global stakeholders, and because the plan does not delve deeply enough into the complex systems responses needed, much more work must be undertaken.
“We need to start the discussion about building more robust systems, systems that are resilient. If cybercriminals attack the system and find it less vulnerable, and their attacks make no difference, trust me, people will stop,” she concluded.