Encryption: A Double-Edged Sword
By Alex Rosen, WiSe Leadership Initiative Fellow
Terrorist groups are rapidly adapting to our increasingly technological environment, and are capitalizing on the vulnerabilities of cyberspace to exploit, threaten, and disrupt our critical infrastructures. The paradoxical nature of encryption makes the debate surrounding its purpose and potential extremely complex.
Put simply, while cybersecurity measures are indispensable for security and protection purposes, encryption also potentially inhibits our ability to respond effectively to imminent threats to our critical infrastructure.
The House Committee on Homeland Security recently released a report which acknowledges that, “Encryption protects critical infrastructure, trade secrets, financial transactions, and personal communications and information. Yet encryption also limits law enforcement’s ability to track criminals, collect evidence, prevent attacks, and ensure public safety.”
In her testimony before the Committee on Oversight and Government Reform and the Committee on Homeland Security, Dr. Phyllis Schneck, the Deputy Under Secretary for Cybersecurity and Communications for the National Protection and Programs Directorate (NPPD), further highlighted this paradox: “The same software that is used to test a company’s cybersecurity can be used to conduct unauthorized or illegal surveillance.” Schneck rightly identifies encryption technologies and technological innovations as our greatest assets, but also as our greatest weaknesses.
As society inevitably relies on the development of cutting-edge information technology (IT) systems as a cornerstone of innovation, it is imperative that cybersecurity and encryption measures are pursued with the same enthusiasm to ensure controlled and uncompromised growth. The National Science and Technology Council (NSTC), which works directly with the Executive Branch to manage science and technology policy, recently advised:
“Just as brakes enable driving safely at higher speeds, cybersecurity is the foundation that enables economic growth and faster innovation in cyberspace.”
Cybersecurity measures must be articulated and enacted in order to redress for our current vulnerabilities, but also, and perhaps more importantly, to anticipate and deter future vulnerabilities.
Not only is greater investment in cybersecurity imperative for protecting our infrastructure networks, but it is also a sound economic investment. According to a 2015 report released by The Atlantic Council, an unsettling trend in cybersecurity points towards a future of increased data breaches, more disclosures of critical infrastructure, and more nations capitalizing on cyber capabilities as modern weaponry. Continued inaction from the public and private sectors may result in a worst-case scenario, where “Cyber attackers dragging down the Internet might cost the world nearly USD 90 trillion of potential net economic benefit.”
The potential impact of cyberterrorism is multifaceted and could be catastrophic to our political, economic, and financial sectors. FBI Director James Comey explained:
“These are more than just attacks on our infrastructure. They are more than just attacks on your money. It’s about attacks on employees. It’s about attacks on reputation. It’s about attacks on our economy and security and even attacks on our fundamental freedoms like freedom of speech.”
While breaches of data are concerning consequences of cyberterrorism, “it’s now about not just the breach, it’s about HR concerns that follow the breach. It’s about supply chain concerns; it’s about damage to customers and operations. It’s even about radicalization.”
Cybersecurity is critical at face value, but the effects are more far-reaching and pose both immediate and long-term risks.
As cyber threats propagate, our vigilance and counterterrorism capacities must check these attacks with coordinated, collaborative, and effective measures of a far greater caliber. The ambiguity of technological innovation—that it presents immense opportunity while exposing and creating greater national security vulnerabilities—requires a multi-faceted and innovative solution.
