By Mariah McCloskey
Robert Knake, the Whitney Shepardson senior fellow at the Council on Foreign Relations, spoke to students at the School of Diplomacy on October 13 about his work on Internet governance, public-private partnerships, and cyber conflict. Knake served from 2011 to 2015 as director for cybersecurity policy at the National Security Council. He was dubbed the “White House Cyber Wizard” for his work on establishing presidential policy that created the Cyber Threat Intelligence Integration Center and Information Sharing and Analysis Organizations.
He did not have a background in cybersecurity prior to working in the Obama administration. He was involved in border security before the terrorist attacks on September 11, 2001, when it was mainly involved only in illegal immigration and drug trade, and terrorism was not a main focus.
After receiving his master’s degree in public policy from Harvard’s Kennedy School of Government, Knake worked for a consulting firm that was a contractor for the Department of Homeland Security. Cybersecurity was one area of his firm’s work, so he started building his technical knowledge on the issue. About his entry into the field of cybersecurity, Knake said, “The intellectual perspective of cyber is much more interesting to work on than Homeland Security.”
The field completely changed after 9/11. One of the first projects Knake worked on after the attacks was a project that looked at what the terrorists might do next. Knake stated, “They were fairly ingenious in the way they attacked the United States on 9/11 so we had to think outside the box.”
After the invention of the Internet, analysts feared that terrorists could carry out cyber attacks. They could cause massive damage to the United States without physical impact.
The United States’ embrace of cyber operations has created a space for theoretical discussion space; for example, instead of dropping bombs on a foreign power plant, the government could simply turn it off. It would be much safer to use a cyber attack to shut the plant down then turn it back on without having to rebuild anything.
But the ability to shut down power plants with a cyber attack could also be used against the United States. An external—or internal—party could attack air traffic control, power sources, and communications, because the modern era makes understanding and utilizing such technology easily accessible and open to manipulation, Knake said.
Unfortunately, the concern is if these attacks keep happening and at a greater magnitude, the fear becomes real. People will start choosing not to do things via the Internet and fail to put new data online, making information-sharing virtually impossible.
Cyber crime may start to make people wary of carrying out normal activities on the Internet. Knake used the example of what happens when a bank loses their customers’ credit card information. For a while after Target lost most of their customer’s information, their sales dropped. But sales rebounded fairly quickly, and customers moved forward.
The focus for a long time has been that cybersecurity is a public-private partnership, but in reality, the Internet is owned by the private sector, operated by the private sector, and the targets are all in the private sector, Knake said. According to scholars who argue for public-private partnerships, the government has to find a way to help the private sector protect itself through what Knake calls the Home Depot method: You can do it, we can help.