On March 9, 2012, Colonel Forrest Hare of the United States Air Force spoke at The Institute of World Politics about cybersecurity issues.
Stressing that the opinions presented were his own and not those of the Department of Defense, Colonel Hare began by defining cyberspace as a domain. Cyberspace is an interdependent network of information technologies. Cyberspace is NOT information or data, but rather the place where data are created, modified, and exchanged.
After describing the breadth of cyberspace, he moved forward with the idea of responsibility. He said that having one agency be responsible for cybersecurity was like having one agency responsible for "land security;" there are, of necessity, lots of different agencies and people involved.
Col. Hare examined how different government agencies would have different priorities in cyberspace. Foreign Affairs ministries (like the US State Department), want to preserve the free flow of information and use it to promote their national ideology. Public safety ministries, such as the Department of Homeland Security, are mainly concerned about securing the physical network, and are not as concerned about the data involved. The Department of Energy seeks to preserve the safety and resiliency of generation; they want to maintain a network which is broad and available. National intelligence agencies want to leverage cyberspace's ability to gain more information with less risk. Law enforcement agencies are mainly focused on preserving financial safety and countering identity theft. Finally, the Defense Department wants to ensure the security of its own vital info and counter the adversary's use of cyberspace for Command and Control (C2).
After discussing the breadth of perspectives on cyberspace issues, Colonel Hare then turned his attention towards which issues should be treated as national security issues, rather than legal or technical issues. Citing Barry Buzan and Andre Wolfers, he described the concept of "securitization," where a threat or issue is dealt with outside of regular systems. Colonel Hare put two main areas in "the bucket:" first, attacks against cyber systems containing information of national security value, and second, attacks on the nation's critical infrastructure, such as energy and transportation that would pose an immediate threat to national security.
Col. Hare took a moment to stress that, although it was important to distinguish between the domain and content of cyberspace, they are interwoven issues and it is impossible to address them separately. With this in mind, he addressed the role of the military and the role of the legislature in cybersecurity. The military, he said, was challenged to work closely with other agencies. It had to change its way of thinking about its vulnerabilities, critical operations, and support to other agencies. The military had to balance free expression against counterpropaganda, intelligence collection against denying communication, and supporting private actions against countering distrust of the government.
Moving to more of a policy level, the legislature also has several important parts to play. Here, Col. Hare stressed the importance of building private/public partnerships and fostering private sector contributions. He felt that it is important for cybersecurity policy to focus on probable scenarios, while providing support to those who must implement the security by not driving compliance costs excessively high.
Colonel Hare is currently assigned to the National Security Agency. He has previously worked on CTJF-Horn of Africa and the Air Staff Operations Directorate, as well as serving deployments in Saudi Arabia, Turkey, Germany, Korea, and elsewhere.