These are five short essays written by Undergraduate Fellows from the Clements Center for National Security at the University of Texas. Their essays present fresh, thoughtful insights into contemporary problems of national security, ranging from intelligence sharing and cybersecurity to supply chains and political discourse.
Student: Ashish Dave
Topic: Cybersecurity education
Geeky Coders Are a National Security Imperative
As a Texan, the last thing I tend to worry about is energy scarcity. So, it was mind-boggling to me when I heard earlier this year that a Russia-linked hacking group had taken down the largest fuel pipeline in the United States, crippling the East Coast and raising serious concerns about wartime energy security. In the past, curtailing a nation’s fuel supplies demanded embargoes, blockades, or strategic bombings. Today, all it takes is a single compromised password.
While the Colonial Pipeline hack dominated national headlines for weeks, other cyberattacks by foreign actors went largely unnoticed by the public. In June, a cyberattack on JBS SA, the world’s largest meat producer, forced a shutdown of all of its American and Australian beef plants for up to a week in some cases. In March, CNA Financial, one of the largest insurance companies in the United States, handed over $40M in ransom after hackers locked it out of its own network for two weeks. Most alarmingly, a Chinese-backed group reportedly gained access to the New York City subway system’s network in April. While cyberattacks on US military agencies have gradually increased in frequency over the last decade, the attacks through the first half of 2021 reveal a new, more frightening pattern: attacks deliberately aimed at crippling key domestic systems.
In an AI-driven, Internet of Things (IoT) future, we must expect the nature of cyberattacks to transition from attacks on systems to attacks on individual units. Rather than attacking a municipal water system, for example, future hackers may take advantage of a completely digitized world to carry out targeted attacks using self-driving cars, smart hospital equipment, or commercial drones. Undoubtedly, the nature of cyberwarfare will proceed upon an insidious and malignant arc.
Without a plan to develop a robust cybersecurity talent pipeline to our defense community, America risks seriously mishandling its future security interests. The Defense Department already suffers from a shortage of qualified cybersecurity professionals; this gap is only exacerbated by private sector technology companies that offer unquestionably superior benefits, cutting-edge projects, and demonstrated resistance to assisting security agencies.
It is especially incumbent upon President Biden, who has embraced the role of advanced computing in our 21st-century economy in word, to protect America’s future security interests by designating cybersecurity education as a national security imperative. Providing incentives for K-12 computer science education, reforming outdated educational qualification requirements for agency cybersecurity roles, and establishing talent-exchange programs with private-sector companies are reforms that will not only widen the professional pipeline but also promote a digitally “armed” populace. Additionally, the Biden administration must resist blanket partisan repeals of Trump administration initiatives to avoid compromising constructive, future-forward defense innovations (e.g. the U.S. Space Force).
As our world becomes ever more connected, America’s first line of defense will no longer be comprised solely of men and women in uniform. Instead, it will largely depend on today’s computer-savvy elementary schoolers and our ability to successfully execute a new component of grand strategy for our national security.
Student: Peter Denham
Topic: Ideal policy and real policy
The Importance of an Imperfect Israel in an Imperfect Region
My junior year of college saw democracy challenged in several ways, but one less appreciated trend has particularly stuck out to me: the unhealthy gap between how voters and policymakers view issues of national security. While D.C. decision-makers weigh imperfect policy options against less perfect alternatives, voters of my generation treat policy options differently. If a policy idea or perspective is too nuanced to fit onto an Instagram infographic or a character-limited tweet, it is difficult to post, a fate that will leave it absent from the mainstream discourse for many politically active, young Americans. Nonetheless, social media is increasingly seen as a tool to convey policy preference.
But while social media can be effective at raising awareness of imperfections, it is particularly ill-suited to national security discourse, in which there are rarely perfect solutions.
No issue more clearly demonstrates how social media misrepresents policy realities than does the complex Israeli-Palestinian conflict, with growing calls on the American left for an end to America’s “Special Relationship” with Israel, and often reactionary calls on the right for its defense. While hard to quantify concisely on social media posts, the Biden administration must better articulate to the American electorate why empowering Israel as a regional heavyweight is still the least imperfect policy option.
First, since the 1980s, the principal concern of U.S. grand strategy in the Middle East has been the containment of Iran and its propagation of proxy-led violence, regional destabilization, and anti-American alliances. In the 21st century, the Iranian question has not only persisted but also acquired a nuclear dimension. Now, the converging interests of China, Russia, and Iran form the most formidable counterweight to the United States since the height of the Cold War. Consecutive U.S. presidents have sought to meet this challenge while simultaneously reducing our presence in the region. For this strategy to work, then, it is vital to empower the local actors capable of counterbalancing the malign influence of these ambitious adversaries.
Second, recent geopolitical trends in the region suggest that Israeli strength and dynamism — both economically and militarily — are boons, not obstacles, to warmer relations with Arab neighbors. Israeli prowess in cybersecurity and its cutting edge technology in medicine and desert agriculture are seemingly persuading Saudi Arabia, Bahrain, and the United Arab Emirates to recalculate their traditional animosities toward the country in favor of mutual benefit. The United States can do far more to further these peaceful trend lines by strengthening Israel’s competitive advantages than it can by weakening them.
Finally, hopes for broader regional stability are inextricably linked to Israel’s precarious security context. Hamas, Hezbollah, and, most importantly, Iran still maintain the extermination of Israel “from the map of the region” as a political objective. A formal or even rhetorical change in American support would give already powerful Israeli right-wing coalitions further proof that they will have to go it alone on self-defense. An Israel more isolated from U.S. aid and less influenced by U.S. preference only incentivizes future Israeli leaders to act more preemptively and aggressively to nullify existential threats, especially amidst Tehran’s pursuit of a nuclear program.
New skepticism of the American-Israeli alliance poses challenges as well as a broader opportunity for President Biden. By clearly communicating the importance of choosing imperfect policy amidst less perfect alternatives, Biden can help close the widening gap between how the polity and policymakers understand our national security interests.
Student: Katherine Birch Topic: Leading international response to the Colonial Pipeline Hacking and similar events
Money Talks: Addressing Russia’s Cyber Crime Infection
When news of the May 7th Colonial Pipeline hacking first broke on social media, I was in smalltown Virginia watching in astonishment as Americans battled each other for fuel at a dilapidated gas station. As we later learned, Darkside, a highly successful Russian-based ransomware group, was behind the hacking of Colonial Pipeline. By the end of the ordeal, the cybergang was able to extort almost $5 million from Colonial Pipeline as ransom. To thwart similar attacks on our critical infrastructure in the future, the United States must take action at the international level and undertake a leading role in coordinating international sanctions against Russian technology companies to address cybercrime and states that harbor cybercriminals.
The growing frequency of cyberattacks, intensifying nature of hacks through new “double extortion” methods, and the evolving ease of “leasing” said ransomware software online to potential adversaries suggests that threats from cyberspace are not disappearing soon. Their potential to inflict serious damage at a low cost make them an increasingly popular instrument among our adversaries. The leaking of information regarding our critical infrastructure in online settings and attempts by the Kremlin to subvert social cohesion in Western nations demonstrate the disruptive potential of cyber threats emanating from Russia. President Biden’s recent executive order, which requires federal contractors to report successful cyberattacks on their systems, is a step in the right direction. However, doubts exist as to whether this order is enough to make a substantial difference since many of the companies underpinning our economy are not federal contractors.
While the Russian government did not orchestrate the Colonial Pipeline hacking, the Kremlin’s policy of tolerance, and at times collusion, with cybercriminals must be addressed. The United States should work with its allies in the United Nations to publicly condemn Russia for violating The United Nations Convention against Transnational Organized Crime (UNTOC) while imposing additional sanctions on Russian technology companies for refusing to address cybercrime. UNTOC requires its signers to conduct “mutual legal assistance and law enforcement cooperation” and is the only legally binding international law towards transnational crime in existence that is applicable to cyber crimes, because the United Nations categorizes it as an emerging form of transnational crime. Instead, Russia has consistently refused to cooperate with international authorities or to investigate the Russian-based hacking groups themselves. Research shows that sanctions against non-state actors – in this case, private companies – that meet conditions such as multilateral cooperation, coordination with the private sector, and international financial transparency are more likely to succeed. Hammering the bottom line of major technology companies would dent the Kremlin’s plans for economic diversification, prompting it to take action against its cybercriminal epidemic. Precedent for this approach exists. The sweeping 2014 commercial sanctions imposed in conjunction with our allies on Russian corporations conducting business in Crimea are believed to have brought Moscow’s military campaign of Crimea to a prompt halt later that same year.
Since the dawn of the digital age, the United States has pioneered developments in the information security sphere. While placing sanctions and upholding international norms may sound tedious, doing so demonstrates to our allies, the American people, and governments harboring cybercriminals, that the United States will undertake a proactive role in creating a safer global cyberspace.
Student: William Tran
Topic: Covid-19 as a model for intelligence-sharing in East Asia
Friends or Frenemies? Intelligence-Sharing during the Covid-19 Pandemic and its Implications for U.S. Strategy in East Asia
In the midst of an uncertain period, nations in East Asia have recognized how intelligence-sharing has directly saved lives in the short term and provided policymakers with the ability to think long-term about regional strategies. In order to understand this concept from an international perspective, however, it is important that we highlight how intelligence-sharing in East Asia during the Covid-19 Pandemic will provide the Biden administration flexibility in repairing our alliances in the region.
In the case of Japan and South Korea, shared objectives of maintaining public safety and stability have bolstered flagging bilateral cooperation. A combination of population movement in East Asia and a lack of scientific transparency from Chinese health authorities provided the catalyst for Covid-19 to spread throughout the region. In May 2020, Japanese Prime Minister Shinzo Abe, in response to discussions about Covid-19 prevention policies, underscored the mutual benefits stemming from “exchanging information and experience.” Similarly, South Korea’s Foreign Ministry emphasized, in the spirit of regional cooperation, that it would “actively consider exporting virus-related quarantine products [to Japan].” In May 2021, The Diplomat pointed out that Japan and South Korea could still work towards thawing relations, especially in the context of Covid-19, by establishing “early detection measures and export agreements on essential prevention materials” in order to create a “future-oriented relationship.” These gestures may help to facilitate the gradual trust-building necessary for future cooperation and diplomatic dialogue.
Understanding the relationship between Japan and South Korea throughout this Pandemic will be crucial for understanding future U.S. strategy in the region. The Trump administration’s unilateral approach to addressing issues in East Asia, whether it be pressuring China through trade tariffs, engaging in direct negotiations with North Korea, or doubting U.S.-Japan security commitments, has left Japan and South Korea out in the cold. Even South Korea’s President Moon Jae-in emphasized, regarding the failed nuclear agreement between the U.S. and North Korea, that President Trump had “beat around the bush and failed to pull it through.” Alternatively, now that we have a new opportunity with the continuing Covid-19 Pandemic, the Biden administration can take full advantage of the cooperation between Japan and South Korea through diplomatic, security, and bilateral measures to shore up the alliance.
On the diplomatic front, continuing the policy of U.S. engagement with Japan and South Korea through regional forums will encourage an ongoing trilateral dialogue that has the potential to foster the trust-building and priority setting essential to strategic relationships. On the security front, bolstering the intelligence-gathering and analysis capabilities of Japan and South Korea, through means such as aerial reconnaissance, offensive, and defensive cyber capabilities, or early weapons detection systems, will be crucial for executing a U.S. strategy to enhance cooperation amongst the East Asian alliance. These mechanisms of security will emphasize the importance of the strategic relationship by highlighting the need to address common issues that threaten the stability of the region. On the bilateral relations front, encouraging Japan and South Korea to pledge to a long-term commitment to the General Security of Military Information Agreement will allow for continued intelligence sharing between the two nations that can lay the foundation for both nations to set a cooperative path forward for promoting long-term strategies for joint trust-building efforts and addressing security issues in the region.
While these measures will help to create the basis for a renewed diplomatic atmosphere, speculation about the future of strategic relationships is still subject to unexpected, society-changing events, whether domestic or international. Thus, we should act sooner rather than later. Additionally, and most importantly, while cooperation may derive from common, near-term security threats in East Asia, it must be underscored that the changing political dynamics in Japan and South Korea can impact the direction and narrative of how to approach long-term alliance-building in the region.
Student: Archit Oswal
Topic: Supply Chain Resilience
Supply Chain Resiliency Requires a Robust Industrial Strategy
Earlier this year, my home state of Texas experienced an unprecedented snowstorm that ground the state’s otherwise vibrant economy to a halt. Frozen roads, busted power lines, and inoperable railroads meant that goods transiting the state could no longer reach their intended markets. Another high-profile infrastructure failure soon followed. In May, a malware attack on Colonial Pipeline temporarily suspended shipments of gasoline from Texas. The message is clear – trends in climate change, cybersecurity, and increasingly geopolitics are threatening the flow of goods and services.
Disruptions like the Colonial Pipeline attack are occurring more frequently and risks to global supply chains are growing. According to McKinsey, due to supply-chain issues, companies can expect a production line stop that is greater than one month approximately every 3.5 years. These developments are concerning since global supply chains supply our defense industrial and technological base with critical inputs ranging from raw materials to high-tech components like semiconductors. Consequently, incorporating resilience into critical supply chains should be a national priority.
However, building resilient supply chains requires undoing some of the developments of the past several decades. The manufacture of some value-added goods such as telecommunications gear is increasingly concentrated in countries exposed to high levels of risk and reversing this trend will require time and money. The ongoing shortage of semiconductors provides a case in point – fabs are expensive, take time to build, and are heavily concentrated in geopolitically fraught Taiwan.
Given the high costs and pressing need to overcome these challenges, government subsidies, loans, and investments in our industrial capabilities and those of our allies are warranted. Structures such as the National Technology and Industrial Base already exist to facilitate allied cooperation, and indigenous value-added manufacturing capabilities will further strengthen America’s central role in the design and production of 21st-century goods. The Trump administration’s use of export controls to hamstring Huawei by limiting its access to semiconductors demonstrates the utility of this advantage in a national security context.
If undertaken without care, an industrial strategy could result in wasteful investments. China’s experience with industrial strategies is instructive in both their pitfalls and potential; while Chinese state-directed investments into the electric vehicle industry have spawned dozens of companies, Tesla still outperforms indigenous companies in their home market. To avoid waste and favoritism, industrial strategies need to adopt clear standards for determining which industries produce dual-use technologies that play an outsized role in our national security but currently lack financial sustainability.
In addition to adopting an industrial strategy, Congress should provide for the creation of an auditing board that will regularly administer stress tests for particularly vulnerable supply chains and encourage the maintenance of buffer stocks and supplier diversification. In preparation for these tests, the board should assist businesses in understanding and uncovering vulnerabilities in their vast supply chain ecosystems. Global supply chains often consist of multiple tiers involving thousands of suppliers, and as a result, many vulnerabilities remain undetected until they result in a major disruption.
Proactive supply chain management can enable organizations to adapt their operations to disruptions without compromising their effectiveness. The opposite is also true; organizations with supply chain vulnerabilities risk their ability to produce vital goods. As risks ranging from climate change to geopolitical tensions increase, the importance of incorporating resilience into our supply chains will only grow in tandem.
Peer Reviewed by: Paul Edgar, Associate Director of the Clements Center for National Security, The University of Texas
Find out how your University’s national security program can join The Cipher Brief as an Academic Incubator partner.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief and listen to The Cipher Brief’s Open Source Report Podcast wherever you listen to podcasts.