UT Shield

Policy Over Pancakes

We do more analysis by breakfast than most people do all day

ngs2016

Uncategorized

, Filed Under: Uncategorized

Cybercare: The Security Mandate of the American Government

By Avery Leake and Madison Lockett

Security in the twenty-first century will undoubtedly look different than any other in history. The onset of the digital age signaled a departure from the norms of warfare, conflict, and crime in an increasingly interconnected world. The contract of government in the United States historically stipulated sacrificing individual freedoms in exchange for federally-assured safety. However, cybercrime has personalized national security threats and put the US Government in a tenuous position with regard to securing the state. 

So far, the US Government has failed to communicate a set of universal goals and procedures for governing the digital era, but requires a cohesive cybersecurity policy that is neither universal nor entirely absent. This federal cybersecurity policy will have two primary constituencies: individual Americans and American-based businesses. The issues facing these two constituencies are drastically different, as is the legal basis for such security measures. 

Establishing cohesive federal cybersecurity policy for individuals addresses the delicate balance of privacy and security. The Patriot Act of 2001 gave the US Government access to significant amounts of Americans’ personal information, data, and metadata. Following the 9/11 attacks, it expanded government surveillance powers in the name of counterterrorism, removing significant legal hurdles to wiretapping and other surveillance technologies.

This power proved increasingly seductive as digital technologies developed well beyond anybody’s wildest expectations and offered a treasure trove of personal data for a newly empowered surveillance apparatus. The newfound access to personal data effectively obligated the US Government to protect that personal data. This precedent of government protection is bolstered by HIPAA, FERPA, and other long standing consumer protection statutes.

Herein lies the tension of a potential federal cybersecurity policy: the US Government seized ownership of too much of the private lives and data of Americans to entirely abdicate responsibility for its cybersecurity. However, comprehensive security in each of these sectors would require complete government access and control over citizen’s personal data, further eroding the right to privacy among Americans. 

The internet is an increasingly dangerous avenue for individual financial, political, physical, and psychological attacks. Any federal cybersecurity policy will go a long way not only in providing basic protections to Americans, but to encouraging effective digital hygiene that will dramatically reduce cybercrime. 

However, federal cybersecurity policy will be limited to technical measures. Online platforms and individual accounts remain vulnerable to a variety of hacks, many of them attributable to social engineering rather than technical breaches. The US Government is not able to guarantee the sanctity of your Facebook account (which might also provide access to your primary email, bank account, the accounts of your friends and family, and important personal data) if your password is password—still the fourth most common password in 2020.

The US Government is facing the reality that a federal cybersecurity policy is required to reaffirm individual privacy rights. To ensure every American’s right to cybersecurity, Congress must define the parameters and pitfalls of introducing a cybersecurity policy covering both individuals and institutions from potential national security threats. 

American-based businesses present a different set of complications to establishing federal cybersecurity policy. Multinational corporations and a globally dependent economy make it difficult for the federal government to enforce strict cybersecurity standards if they are imposed on any company headquartered in the United States. An opt-in program appears the most promising way to establish a cybersecurity policy applicable to all US businesses.

While most large corporations likely have robust internal cybersecurity regulations, many small- and medium-sized businesses lack the resources to invest in much more than a very basic plan. For these firms, a baseline cybersecurity policy offered by the US Government would almost certainly help their ability to effectively run their businesses without fear of intrusion, theft, or other cybercrime. Such a program could be offered upon incorporation and designed to accommodate different corporate sizes and structures.

A final consideration for policymakers must be the importance of various American industries to national security. In the past, this might only concern defense contractors or industries that interacted with espionage or conflict in some form. However, in the digital age, any industry that is critical to the operation of our country and the wellbeing of Americans falls under the umbrella of critical infrastructure potentially requiring heightened security. These include healthcare, agriculture, transportation and airfare, and even finance in addition to the defense and energy industries that already receive additional security measures from the US Government.

The concerns of businesses provide fewer legal and ethical considerations than the concerns of citizens, but are no less complex nor demanding of effective policy. Until the US Government has established guidelines for security and action in times of digital crises, cybersecurity will remain a private institution that is only available to those who seek it out. Potentially, such action will open the floodgates to new considerations regarding governance in the twenty-first century as legislators seek answers to new questions posed in the realms of enterprise, information, and security in the digital age.

, Filed Under: Uncategorized

Reopening America: Vaccines are not a Cure for Businesses

After nearly a year of the unprecedented use of the word “unprecedented,” the end of the Covid-19 pandemic may be in sight. Maybe. In the past month, the US has greenlit a jointly developed Pfizer/BioNTech vaccine that proven 95% effective against the Covid-19 disease, with a potential 2nd vaccine shortly on its heels. These developments come at a critical time when the US and the world are facing the pandemic at the beginning of winter, the time when most people are susceptible to disease. Already, countries and states are seeing a resurgence of hospitalizations and deaths, promptly the US to employ Operation Warp Speed to get hundreds of thousands of vaccines to where they are needed most at – you guessed it – warp speed.

A tall task for a government that struggled severely with managing an overflow of mail-in ballots just a month ago, Operation Warp Speed will need to operate nearly perfectly to achieve its goal of 300 million vaccines produced and distributed by early 2021. However, Operation Warp Speed has 3 keys benefits that the US Postal Office didn’t: bipartisan support, more than $16 billion in funding, and a well-trained military force to streamline the process. With these resources, Operation Warp Speed could very well meet its target of production and distribution. The question then becomes what happens if they succeed?

While the vaccine will then be distributed across the country, the actual inoculation of Americans will not match the same pace of distribution. To say nothing of the substantial anti-vaccine community within the US, the rollout of the vaccine will inevitably happen in phases with the most at risk communities like healthcare workers and the elderly receiving the first wave, followed by the majority of Americans over the preceding months. My objective is not to critique how the US chooses who to prioritize or demand an unobtainable goal of complete vaccination of the American population by spring. Instead, I seek to promote dialogue about the more intangible difficulties of the Covid-19 vaccine that will extend the effects of this pandemic well beyond what hope the vaccine may offer.

Since it began, Covid-19 has cost the US economy an estimated $16 trillion – 4x more than the Great Depression. Despite multiple stimulus packages, thousands of businesses have failed, and millions more are limping by through shutdowns. The vaccine offers the possibility of returning to normalcy, at least to an extent. However, the US needs to decide now how it will prioritize reopening with the advent of the vaccine. Will it try to save businesses now that there is option for immunity or wait until near 100% adoption before restarting the economy?

One possible solution is that individuals who receive the vaccine should be able to return to normal operation while those who abstain must continue to observe social distancing and hygiene monitoring protocols. This method however proves near impossible to implement because of a long-standing pillar of US healthcare – HIPAA. HIPAA (the Health Insurance Portability and Accountability Act of 1996) mandates that protected health information, like vaccine immunizations, cannot be disclosed without permission of the individual except for “public health activities…for the disclosure to a public health authority.” While this makes it possible for hospitals and schools to review health records, it is not a feasible solution for a majority of businesses to request proof of individual health records as they do not qualify as a public health authority.

Due to this restriction, HIPAA has become a major impediment for businesses to act upon the newly available Covid-19 vaccine. These companies will need to maintain the much more stringent safety requirement put in place over the last few months, and some may need to even shut down again as the vaccine comes too late to prevent a deadly winter wave of cases.  Unlike Wall Street, who has already celebrated the adoption of the vaccine with quickly rising stock values, most American businesses will still need to hibernate through the next few months and pray that 2021 will be slightly less “unprecedented.”

, Filed Under: Uncategorized

The Abraham Accord and the Sale of F-35’s to the UAE: Encouraging Cooperation or Regional Insecurity?

On September 15th, 2020, the Israeli Prime Minister Benjamin Netanyahu and the UAE Foreign Affairs Minister Abdullah bin Zayed bin Sultan Al Nahyan signed the Abraham Accord, a normalization agreement between the two Mideast nations. The agreement promises the establishment of diplomatic relations, business relations, tourism, and scientific cooperation. It was an unprecedented move, but also not entirely unsurprising as the UAE had been, subtly, developing security ties with Israel as well as diplomatically gesturing towards normalization during the last two decades. Normalization is not only a significant move for the two countries but for the region as well. After the signing of the Accord, Bahrain, Sudan, Egypt, Jordan, Oman, and (unofficially) Saudi Arabia came out in support of normalization, reflecting a regional openness towards non-aggression with Israel.

Additionally, the Abraham Accord introduced the possibility for the U.S. to sell MQ-9 Reaper drones and F-35’s—one of the U.S.’s most advanced stealth airplanes—to the UAE. The sale was not possible before the normalization because of a security agreement between the U.S. and Israel that states Israel must maintain a qualitative military edge (QME)—the tactical, technological, and intelligence advantages that allow it to deter adversaries—in the region.

There is public debate whether the sale will risk Israeli, U.S., and regional security or if it will further encourage the momentum of the Abraham Accord towards robust cooperation between Israel and the UAE.

Although the Israeli Premier has stated that the deal would not negate their QME—as long as the U.S. agrees to further enhance Israeli military capabilities—the deal could risk the transfer of advanced technology to adversaries, jeopardizing Israeli and American security. The UAE has security ties to both Russia and China, purchasing drones from China and a Sukhoi Su-35 fighter jet, the Pantsir S-1 missile defense system, and the Kornet-E anti-tank missile system from Russia. Although their security ties are limited, giving the UAE F-35’s makes U.S. advanced technology vulnerable to espionage and theft by China and/or Russia.

There is a delicate balance among the powers on either side of the Strait of Hormuz, and many argue that the sale could have the potential to initiate an arms race with Iran. In Iran’s eyes, the Abraham Accord is a step towards the formation of a bloc of countries that oppose Iran, and an advanced arms sale to one of those countries would certainly raise concern. Iran has been seeking to purchase stealth aircrafts from Russia and China, and an arms sale such as this could further motivate them to also acquire stealth aircrafts.

Additionally, the sale could be seen by China as a move by the U.S. to reassert themselves in the region to counter China’s increasing military and economic involvement. If China feels that their agenda in the region is threatened, they could be motivated to counter the U.S. reassertion and provide aircraft or weapons systems support to Iran.

On the other hand, if the sale is approved it could reinforce the momentum of the Abraham Accord towards not only non-aggression but cooperation between the two countries. A committed security relationship between the two is many paces down the road but more immediately the sale could encourage cooperation regarding issues of cybersecurity, defense systems, and intelligence sharing. Increasingly holistic cooperation between the two countries could also motivate broader technological and economic cooperation among the countries in support of the Abraham Accord, such as Bahrain and Saudi Arabia.

The debate of whether to approve the sale or not is fraught with potential positive and negative consequences. However, in either outcome the Abraham Accord and the subsequent discussion of selling advanced weaponry to the UAE, represents that the region is beginning to be more open to normalization and potentially greater cooperation. This is momentum that a Biden administration should gracefully encourage.