Author: Tasha Jhangiani

There is a saying in the international community that data is like oil – an immensely valuable asset, once you learn how to extract and use it to support yourself.

In the first week of my Security Implications of Artificial Intelligence class, my professor stated that he disagreed with that metaphor. His opinion was that data today is more like seawater – it practically surrounds us, but unless you take it through extensive purification processes, it is not potable and, as a result, not useful for consumption.

The healthcare sector has long been hard hit by data breaches. In the wake of the coronavirus pandemic, healthcare organizations are more at risk than ever before of malicious actors utilizing the crisis to their advantage and conducting increasing cybercrime or ransomware attacks. As hospitals have filled up with coronavirus patients, they have collected Protected Health Information, or PHI, from these patients. According to the HIPAA Journal, PHI is health data that is created, received, and/or transmitted by HIPAA-covered entities in order to provide healthcare services, including operations and payment. This information includes all identifiable health information, demographic information, medical histories, insurance information, and other private information that can be used to identify patients or provide healthcare services and coverage. Cybercriminals utilize this data and make it usable to them (i.e. “purifying” it, to put it in terms of the metaphor) through pulling out the most relevant parts of a person’s PHI and selling it on the black market for a high price. PHI is often sold at a significantly higher price compared to Personally Identifiable Information (PII) because medical records and data cannot be changed, even after they have been compromised.

Truth be told, I have done some of this research before. This past semester, I participated in writing a group paper on the impact of data breaches across various sectors of the U.S. economy for my Data Analytics class, and the sector I focused on was the healthcare sector. When I first started researching this essay back in January of this year, I had no idea how pertinent this issue would become.

According to a study by Spence, Bhardwaj, Paul, and Coustasse, hospitals and medical facilities are a frequent target of hackers and ransomware groups for two reasons:

1. Hospitals and medical facilities store sensitive patient information (i.e. PHI), and depend on electronic systems to store this information.
2. Hospitals and medical facilities frequently use outdated technology and often lack a solid IT support team, which is linked back to healthcare organizations having shockingly low IT budgets that haven’t changed for years. As a result, sensitive patient information is poorly protected.

Let’s break this down. Imagine a scenario where a person has tested positive for the coronavirus and is eventually hospitalized for the disease. The hospital collects the patient’s PHI and stores it in their online medical records system. Below is a scenario of what the hospital could face:

A hospital employee clicks on what he thinks is a legitimate email, and downloads a Word document file that was attached to the email. Unbeknownst to the employee, this email is a ransomware attack created by a cybercrime group. The Word document the employee downloaded contained macros that had malware attached to them, which is downloaded into the system and infects the computer within minutes. Eventually, it rapidly spreads to the rest of the hospital’s network. The malware encrypts the computer’s hard drive, files, and cloud. An electronic key is created and is subsequently saved by the hackers, who then issue a threat to the hospital demanding a ransom be paid before the files will be unencrypted. The impact of this ransomware attack is devastating on the hospital. The hospital’s network goes offline, which means employees cannot do necessary lab work and documentation. Additionally, staffers lose access to patient data, meaning they cannot treat their patients. As a result, the hospital staff resort to using paper records, and are forced to move some of their patients, including the patient who has just been admitted with a serious case of coronavirus, to nearby hospitals. In the time of the coronavirus pandemic, these moves are risky and costly. In a situation where nearby hospitals are at overcapacity, moving these patients might even be impossible. On top of the structural damage the hospital is facing, they also now face public backlash for not keeping these records safe, resulting in loss of business and consumer trust, as well as an increased risk of litigation.

It is not just the hospital that could be significantly harmed – the patient could as well, through the theft of their medical information from the hospital database. Imagine this scenario:

A hacker is able to gain access to a series of emails that contain PHI and other confidential information, including the PHI of the recently hospitalized coronavirus patient, and forwards it to an external email account outside of the hospital’s network. The hacker now has access to the patient’s Social Security Number, insurance information, medical records, and other confidential information. The hacker could take several actions with this information:

1. The hacker could sell the patient’s PHI on the black market for a high price. As mentioned above, stolen PHI is worth much more than PII, which is why it is more lucrative to cybercriminals.
2. The hacker could use the stolen health information to make false insurance claims, at the cost of the patient.

These scenarios are certainly possible and, in fact, have already occurred before. The first scenario was adapted from the infamous Hollywood Presbyterian Medical Center hack from 2016, which you can read about here. The second scenario is adapted from the Aspire Health phishing attack case from 2018, which you can read about here.

Data breaches have affected the healthcare sector more than any other sector for the past nine years running. A Ponemon Institute report sponsored by IBM from last year stated the average cost of a single data breach in a healthcare organization in 2018 was almost $6.5 million – over 60% more than any other industry in the study. Furthermore, a survey from Black Book Market Research stated that healthcare data breaches would cost the healthcare industry $4 billion by the end of 2019, and further predicted that 2020 would be even worse.

With the current health crisis, I would not be surprised if that prediction proved true. Cybercriminals are already taking advantage of the fact that the healthcare sector is taking a beating from this pandemic. A GCN article from April of this year outlined a situation from March 2020 where the Champaign-Urbana Public Health District in Illinois was hit by a cybercriminal attack that took their computer network hostage for several days. Treating patients and discovering a vaccine for this horrible disease is important, but hospitals and healthcare providers cannot let this issue fall to the wayside in the midst of this pandemic.

There are serious questions that I believe are critical for the healthcare sector to address:

1. What needs to be done to protected the healthcare sector from cyber crimes – in both the short term and the long term?
2. Which actors will be critical to implementing necessary reforms for the healthcare sector?
3. Who will take the lead on this issue – the federal government, private technology/cybersecurity companies, or the healthcare industry itself?

This was my final paper for my Cyber and Security class at George Washington University, submitted in May 2019.

Introduction

The current state of Russia-U.S. relations are marked by high levels of distrust. Tensions have been especially high in the past three years – both countries have imposed economic sanctions on the other, disseminated propaganda, and exchanged accusations in the international arena. The situation is unpredictable, and the rising tensions have spread across all issues between the United States and Russia, including cyber security.[1]  Securing information infrastructure has become a critical element of Russian-U.S. security relations. As much as U.S. officials have expressed concerns about Russian-sponsored cyber-activities, Russia is equally concerned about U.S. military intentions in the cyber domain.[2] The United States is particular concerned with threats to technology, infrastructure, and economic wellbeing. Russia, on the other hand, is concerned about activities that threaten interference in Russian sovereign affairs. It is clear that common interests are at stake, but establishing trust and confidence between these rivals in order to make any level of cooperation work. Establishing confidence-building measures (CBMs) in cyberspace between the United States and Russia would help increase international stability and reduce the risk of conflict stemming from the use of cyberspace. This paper will address what confidence-building measures are and what they entail, previous examples of CBMs between the United States and Russia, will provide ideas for potential CBMs, and will also address concerns about establishing CBMs between the two rivals.

What are confidence-building measures?

Confidence-building measures, also known as “transparency and confidence building measures” or “confidence, transparency, and security-building measures” are defined as,

An instrument of international politics, negotiated by and applied between States…[that] aim to prevent the outbreak of an (international) armed conflict by miscalculation or misperception of the risks and by the consequent inappropriate escalation of a crisis situation, by establishing practical measures and processes of (preventive) crisis management between states.[3]

These measures have three goals: transparency, cooperation, and stability.

• Transparency measures focus on fostering a better mutual understanding of national military capabilities and activities. These measures can include crisis management instruments (e.g. effective crisis communication channels), and notifying military movements via diplomatic channels.
• Cooperation measures can include exchanging documents (such as military doctrines), conducting join military exercises, exchanging observers, military delegations’ visits, and developing a common understanding of key definitions.
• Stability measures foster predictability of military activities by limiting them, and through stabilizing the military balance.[4]

The idea of confidence-building measures was first developed during the Cold War in order to prevent an accidental nuclear launch, and have now been expanded upon to be utilized in the cyber domain. Due to the nature of the Internet, the scope of potential consequences of malicious cyber activities, such as espionage and cyber crime, could quickly and easily escalate out of control. Additionally, the potency, low cost, and potential deniability of these attacks makes them particularly counterproductive to building trust between actors.[5]

The objective of confidence-building measures is “to prevent outbreak of war and escalation in a crisis; increase trust so as to avoid escalation; enhance early warning and predictability; and modify and transform or improve relations between states.” [6] Examples of CBMs including information exchange measures, observation and verification measures, and military constraint measures. They can be formal or informal, unilateral, bilateral, or multilateral, military or political, and can be state-to-state or nongovernmental.[7] If effective confidence-building measures are implemented, they can have several critical benefits for the international cyber arena, including:

• Help countries counter the threat of cybercrime
• Promote international consistency in cyber security approaches
• Minimize misunderstandings that fuel distrust and exacerbate tensions between states
• Ensure the safety and stability of cyberspace by reducing the risk of cyber war breaking out.[8]

Without confidence-building measures, distrust and militarization will be fueled in the cyberspace, which only increases the potential of a cyber arms race. It is important to recognize that it is people – not technology – that shape governments’ political, diplomatic, and military choices in cyberspace. At the heart of this decision-making is trust and understanding.[9] Nicholas explains that the reason why building understanding and trust is so complicated in the cyberspace is because so many systems that are labeled as cyber defense also have cyber offense capabilities. When a state invests in cyber security measures to defend itself, its rivals might see that defense building instead as a growth in offensive capabilities and a potential sign of gearing up for conflict. A very human response to seeing that build-up would be for a rival state to build up one’s own defenses and potentially even increase one’s retaliatory capabilities.[10] This, in turn, could also be misinterpreted as gearing up towards conflict. Thus, “escalation spreads, trust evaporates, and distrust balloons, leaving cyberspace akin to a powder keg that’s ready to explode.”[11]

Previous examples of United States-Russia cooperation on CBMs

In June 2013, President Obama and President Putin announced the creation of the Working Group on Threats to and in the Use of ICTs in the Context of International Security, under the U.S.-Russia Bilateral Presidential Commission. This working group was established to enhance transparency and confidence between the United States and Russia in the cyber domain. [12]^, [13] The inaugural bilateral meeting of the working group addressed the implementation of a series of bilateral confidence-building measures that were intended to “promote transparency and enhance strategic stability by reducing tensions caused by threats to and in the use of ICTs [information and communications technologies.]”[14] These CBMs included:

• Links between Computer Emergency Response Teams: This CBM involved the sharing of threat indicators between the U.S. Computer Emergency Readiness Team (US-CERT) and its counterpart in Russia in order to facilitate the exchange of practical technical information on cyber security risks to critical systems. These authorities would exchange technical information regarding malware or other malicious software that originated from either state in order to aid in the preemptive mitigation of threats. This exchange was intended to expand the volume of technical cyber security information available to both the United States and Russia.[15]
• Exchange of Notifications through the Nuclear Risk Reduction Centers: This proposed CBM involved utilizing and expanding the Nuclear Risk Reduction Center (NRRC) links that were established between the United States and the then-Soviet Union in 1987 in order to ensure a secure and reliable line of communication between the two countries regarding cyber security incidents of national concern. The new use of this system would have allowed for both parties to make inquiries between parties if necessary in order to reduce the risk of misperception and preemptive escalation from ICT security incidents. [16]
• White House-Kremlin Direct Communications Line: The White House and the Kremlin authorized a direct secure voice communications line that would have been integrated into the already existing Direct Secure Communication System (hotline). This line would have been between the U.S. Cybersecurity Coordinator and the Russian Deputy Secretary of the Security Council, and would have been used in the event that a cyber security crisis was to emerge.[17]

The United States suspended its participation in the Bilateral Commission in 2014, following Russia’s invasion of Ukraine. However, it is important to note that these CBMs were set in place, and that despite the fact that relations between the two countries have been frosty as of late, establishing effective CBMs with another world power and rival is certainly possible. [18]

Transparency CBMs

The main objective of transparency measures in the process of establishing confidence-building measures is to improve stability and predictability. In the case of the United States and Russia, both countries have low levels of transparency, predictability, and confidence regarding their cyber operations and state actions. Small, initial steps could be taken in order to set a baseline for future transparency measures. These can include publishing a cyber security strategy that is publicly available, complete with aims, intentions, internal structures, and budgetary allocations.[19] The United States published its National Cyber Strategy late last year. Although it is rather broad in its policies and does not include any budgetary allocations, the release of the Strategy is a good first step. Russia has not publicly published its cyber security strategy. In the event that both parties publicly release their cyber strategies, this could lead to open ended consultations and dialogues on national policies, budgets, strategies, doctrines, and processes for offensive cyber operations, as well as transparency on potential “red lines” and circumstances where a party might consider conducting an offensive cyber operation.[20] Another initial measure that could be implemented is a declared military doctrine, including command/control structure on the use of cyber tools in times of conflict.[21] Knowing who controls the particular cyber structures and the use of certain cyber tools in both countries will make the other side aware of each other’s capabilities.

One critical set of transparency CBMs are those that are focused around crisis management. Cyberspace today reflects the actions of a variety of actors, including governments, corporations, and individuals. A cyber crisis, in this instance, would refer to a “politico-military crisis involving risks to computation and networking underpinning national security or major components of national economies.”[22] While few analysts believe that pure cyber conflicts are possible or doubt that cyber crises are not embedded within broader politico-military disputes, distinguishing the cyber dimensions of crises is important because the technical aspects of interactions in cyberspace brings about new expertise, actors, organizational forms, and compressed time scales – all of which require different responses than a politico-military crisis that takes place outside of the cyber arena. Improving crisis management measures would deter states from conducting illegal cyber operations and would help prevent a cyber confrontation from leading to war.[23]

An example of such a policy that is focused on crisis management is the alignment of cyber crisis response teams. Cyber crisis response teams around the world often have difficulty communicating with each other due to the different organizational structures and functional roles these teams play in countries across the world. This CBM ensures that cyber crisis response teams can “identify, access, and exchange data with their functional counterparts” in order to manage the political, military, and economic aspects of cyber crises.[24] This CBM would focus on developing interstate contacts between functional counterparts in the United States and Russia (in this case, the U.S. Computer Emergency Readiness Team (US-CERT) and its equivalent in Russia), and would allow for the right people to communicate quickly to share situational awareness whether they are direct or indirect parties to the crisis. [25] As mentioned above, an idea similar to this one was proposed in the 2013 Working Group on Threats to and in the Use of ICTs in the Context of International Security.

A second example of a crisis management-centered CBM is the establishment of a cyber hotline initiative. As stated above, this has already been proposed between the United States and Russia. In the event of a cyber crisis, secure and reliable communication is essential to manage and de-escalate a crisis, and avoid future miscalculation.[26] Setting up a hotline between the national command authorities of the United States and Russia would establish a secure and resilient communication hotline that can function both during and in the aftermath of a cyber crisis. [27] Seeing as this idea has been proposed before through utilizing an already-existing hotline mechanism, this hotline should be inexpensive and relatively quick to set up.

Another potential area to explore for transparency measures is the idea of establishing joint simulation exercises of cyber attacks between the United States and Russia. These exercises can take place between American Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs) and the Russian equivalents. Although this particular measure may not seem as plausible compared to the other measures proposed in this paper, especially given the frosty tensions between the United States and Russia, it should not be deemed as completely impossible. It is true that both the United States and Russia have developed robust cyber warfare doctrines. Russia’s doctrine has given Russia the capability to disrupt the information infrastructure of its enemies, disrupt financial markets and civilian and military communications capabilities. The secrecy of these capabilities has so far precluded any cooperation.[28] However, both countries agree that some of the cyber methods both countries use are not necessarily different to those that cyber criminals and cyber terrorists use. It is these illicit actors that are the main threats to the critical infrastructure of both countries. [29] Mutual exchanges of information during joint exercises would increase the resilience of both parties as they work to strengthen their critical infrastructure. In regards to the issue of secrecy, initial exchanges could be limited to just unclassified information, which could then be followed later on by more concrete bilateral exchanges on specific mutual threats, such as safeguarding critical infrastructure from cyber attacks.[30] Full transparency in terms of information warfare capabilities does not have to be required, nor would it be necessary to exchange classified information.[31] This could help resolve initial concerns.

Cooperation CBMs

Cooperation CBMs rely on adapting and applying existing norms and mechanisms to issues pertaining to cyberspace.[32] One critical area that Russia and the United States can cooperate on in terms of CBMs is through measures to hinder cybercrime. Cybercrime is arguably the most persistent threat in cyberspace between the United States and Russia. Cooperation between Russia and the United States in this field has been sporadic, while the number of Russian cybercriminal networks has only grown over the years.[33] As McConnell et al explains,

Both governments must take action to decrease the scale and quantity of  cyber incidents. Russia and the United States should cooperate on investigating and prosecuting these incidents, as well as on sharing information. Episodes such as the DNC hacking should be subject to such type of cooperation. Russian and American law enforcement agencies should work out the mechanisms of joint investigation of cyber incidents, prosecution of cyber criminals, assisting each other in damage control, and share information about international cyberthreats. [34]

There are several potential areas of cooperation between Moscow and Washington on issues related to cybercrime. The U.S. should encourage Russia’s inclusion in programs that combat types of online crime that Russia has publicly advocated for increased cooperation, such as child pornography and drug trafficking.[35] Additionally, the U.S. should work to strengthen its bilateral law enforcement cooperation on cyber issues. Van Epps argues that Russia would be willing to do this and already has before, as Moscow and Washington cooperated significantly in the aftermath of the Boston Marathon bombings in 2013. This kind of cooperation, Van Epps claims, would improve interactions between Russia and the United States, as it would allow them to keep with their Mutual Legal Assistance Treaty, agreed upon in 1999.[36]

Another example of one of these policies is establishing collaboration between Russia and the United States is launching joint investigations into major cyber incidents. The Atlantic Council models this CBM after the Joint Investigation Group that examined the attack against South Korea’s ship, the Cheonan.[37] This Joint Investigation Group was essentially a multinational committee with experts in different fields who came together to determine the cause of the sinking of the Cheonan, and it was through this group that it was determined that North Korea was behind the incident. In the event of a major cyber incident, it is imperative to determine who was responsible for the incident as quickly as possible in order to maintain stability and avoid further escalation. According to Healey et al, “This CBM would establish a mechanism to form an ad hoc group of technical experts following a major incident to conduct an international investigation into all evidence and determine which nations or nonstate actors were responsible. Such evidence would include all technical data as well as other pertinent information that could aid the investigation.”[38]  This CBM would establish of an inter-agency working group on a state-to-state level that would consist of individuals with a wide range of expertise and diverse technical and political background in order to ensure that each incident can be addressed effectively. In the event that both parties are in favor of forming such a group, it could be implemented inexpensively and in a relatively short period of time.[39]

Another potential area of cooperation between the United States and Russia would be adopting shared Public Key Infrastructure (PKI) standards. As Van Epps defines it, “PKI is a technical concept that uses a “digital electronic signature” to verify the integrity of data and the identity of the sender during an exchange of electronic information.”[40] PKI is a vital strategy in combating cyber crime such as identity them, because it lifts the veil of anonymity (i.e. the “attribution problem”) in the digital sphere.[41] Apart from spare private sector cooperation in the finance and electronic logistic service sector, there has been very little cooperation in the field of PKI between the United States and Russia. Russia has pushed for closer cooperation in the field for several years now; however, the United States has often hesitated due to fears that progress in PKI might be used by Russian authorities to clamp down on dissidents of the regime. [42] The Federal Security Service (FSB) of the Russian Federation and the U.S. Federal Bureau of Investigation (FBI) could start off discussions towards cooperation by holding initial discussions on PKI, focusing on ways to achieve a level of interoperability between the Russian block cipher and the United States’ DES (Data Encryption Standards) system, in order to identify weaknesses that cyber criminals could exploit. [43] These discussions would also include identifying the desired exchange of information, as well as a joint risk assessment of particular sectors in order to determine in which sectors closer cooperation is the most mutually beneficial. [44]

Stability CBMs

There are several stability-centered CBMs that Russia and the United States could develop together. One of the most important potential stability CBM would be the creation of a new cyber treaty between the United States and Russia – one that focuses on cyber arms control. In contemplating a cyber treaty such as the one proposed above with a rival country like Russia, traditional arms control negotiations provide an excellent example to go off of.[45] Preventative arms control agreements, such as the Outer Space Treaty (OST), Biological Weapons Convention (BWC), and the Chemical Weapons Convention (CWC), have banned whole classes of threats and weapons. The CWC has often been cited as a potential model for cyber arms control.[46] These agreements gave the international arena elaborate verification and confidence building measures, which greatly enhanced security, because they established protocols and venues for dialogues among leaders and experts whenever things went awry.[47] While these are all multilateral agreements, a bilateral agreement could be set in place between Russia and the United States in order to contain the development and spread of cyber weapons. According to Robert G. Papp, a former naval officer and former director of the Center for Cyber Intelligence at the Central Intelligence Agency, even a cyber treaty of a limited duration between the United States and Russia would represent a significant step forward.[48] Although current domestic tensions in the United States, as well as the recent demise of the INF treaty, do not necessarily offer the best environment for negotiations, laying the initial groundwork now is critical to move forward.

Another example of a stability-based CBM is one that limits the indiscriminate and mass compromise of a supply chain. States will not be willing to ascribe to a CBM that limits cyber espionage, as most states largely agree that espionage is acceptable under international law.[49] However, Borghard and Lonergan write that the mass targeting of a supply chain can be destabilizing, especially in the event that there are concerns that intrusions into a supply chain represent preparations for a cyber attack rather than just espionage.[50] Beyond just national security concerns, there are broader implications for international trade if states perceive the need to resists market forces and only purchase software and hardware domestically or from a trusted ally.[51] While capable cyber powers will inevitably continue to try to disrupt the supply chain to gain access to adversaries, limiting mass (as opposed to tailored) operations through a specific CBM could enhance stability between cyber rivals such as the United States and Russia.[52]

A third example of a stability-based CBM would be to declare neutrality status for critical infrastructure and entities. Critical infrastructure is the lifeline of states, which is why they are often considered to be prime targets, as well as objects of intense tensions following a cyber attack.[53] International humanitarian law today protects a wide range of persons and objects during armed conflicts, including civilians not directly participating in hostilities, medical and religious personnel, and civilian objectives.[54] Under said laws, these persons and structures cannot be the object of an attack. Neutrality, in the context of international law, is defined as “the formal position taken by a state that is not participating in an armed conflict or that does not want to become involved.” [55] This status gives the state specific rights and duties, including the right to stand away from the conflict, as well as the duty of impartiality. Drawing upon these two concepts, this CBM would give protected status to critical cyber entities, including personnel and organizations, in the event of an armed cyber conflict.[56] Discussions could be held between the United States and Russia to determine protected status for critical entities, including assets, personnel, and security structures, would address the challenges that come from the use of cyberspace, dual use infrastructure, interconnectivity, and interdependencies of the Internet.[57] On a state-to-state level, an inter-agency working group could be established in order for both states to come to a common understanding on what would be defined as critical cyber infrastructure. It would also be useful to feed this discussion through the United Nations or the OSCE, which has experience in formulating CBMs and reaching agreements between states for measures like this.[58]

Potential obstacles to implementing CBMs between the United States and Russia

Due to the characteristics of the Internet, several obstacles and challenges are in the way regarding the full effectiveness of CBMs. Firstly, there is a significant amount of anonymity in cyberspace, which could inhibit the effectiveness of the United States and Russia establishing an effective political commitment. According to Ziolkowski,

The possibility of conducting covert governmental cyber operations seems as potentially minimising the political risk of States to an extreme, and therefore increasing the risk of misperception and improper response to malicious cyber activities. Indeed, despite all political endeavours, and  against the background of technological possibilities to act anonymously in the Internet, States can retain a high degree of deniability with regard to their cyber activities.[59]

Furthermore, because states often carry out their activities and intentions in the cyberspace with high levels of secrecy, this could lead to transparency measures being less effective overall.[60] With that being said, however, governments do recognize that the secretive nature of cyber operations and the difficulties of signaling in cyberspace can be destabilizing over time, increasing tensions as well as the risk of inadvertent conflict.[61] Therefore, even though it is impossible to completely eliminate the incentives to conduct covert cyber operations, CBMs that facilitate dialogues between states – especially cyber rivals such as the United States and Russia – can mitigate the potentially destabilizing effects of a critical attack on the cyber domain.[62]

Another critical issue that is specific to negotiating CBMs with Russia is the sheer question of whether Russia is a potential partner to be trusted. At the 2017 G20 in Germany, President Vladimir Putin proposed the creation of a U.S.-Russia cyber working group. A few months later, it was reported that Russia’s deputy foreign minister had proposed an agreement where both countries would agree to not interfere in each other’s domestic politics.[63] U.S. officials rejected the offer, most likely because they are understandably skeptical about the sincerity of Moscow’s offer, especially as they continue malicious cyber operations against the United States.[64] Between 2016 and 2018, Russia compromised the Democratic Party, launched a chaotic ransomware attack, tried to infiltrate the U.S. electrical grid using similar cyber tools that they used to cause blackouts in Ukraine in 2015 and 2016, sustained an active propaganda and fake news campaign on social media, and compromised voter databases in at least two U.S. states.[65] Even though levels of trust between these two rivals are relatively low at the moment, both the United States and Russia recognize that despite their differences, they do have to come together to talk to each other in order to avoid uncontrolled escalation in cyberspace. Coming to the table now to establish confidence-building measures, even though tensions are high, is crucial in order to prevent a potentially catastrophic crisis in the future.[66] Establishing these CBMs is an ambitious – but not entirely unthinkable – goal.

Conclusion

Given the current state of affairs between Russia and the United States, it remains to be seen whether genuine and effective cooperation is even possible right now. For some leaders in both Russia and the United States, the relationship between the two rivals is particularly confrontational, given Russia’s offensive threat and the United States’ defensive countermeasures.[67] However, leaders in both countries also recognize that the cyber dimension is a particularly complex arena – one that is constantly developing and changing. These persistent changes bring about new opportunities for mistakes, misperceptions, and miscalculations. Establishing effective confidence-building measures can play an important role in cyber risk reduction between Russia and the United States.

Works Cited

Borghard, Erica D., and Shawn W. Lonergan. “Confidence Building Measures for the Cyber Domain.” Strategic Studies Quarterly 12, no. 3 (Fall 2018): 10-49.

Gady, Franz-Stefan, and Greg Austin. “Russia, The United States, And Cyber Diplomacy: Opening the Doors.” East West Institute, 2010, 1-19.

Grisgby, Alex. “Russia Wants a Deal with the United States on Cyber Issues. Why Does Washington Keep Saying No?” Council on Foreign Relations, August 27, 2018.

Healey, Jason, John C. Mallery, Klara Tothova Jordan, and Nathaniel V. Youd. “CONFIDENCE-BUILDING MEASURES IN CYBERSPACE: A MULTISTAKEHOLDER APPROACH FOR STABILITY AND SECURITY.” Atlantic Council: Brent Scowcroft Center on International Security, November 2014, 1-19.

McConnell, Bruce W., Pavel Sharikov, and Maria Smekalova. “Policy Brief: Suggestions on Russia-U.S. Cooperation in Cybersecurity.” East West Institute, no. 11 (May 2017): 2-12.

NATO Cooperative Cyber Defence Centre of Excellence. Confidence Building Measures for Cyberspace – Legal Implications. By Dr. Katharina Ziolkowski. 2013. 5-93.

Nicholas, Paul. “What Are Confidence Building Measures (CBMs) and How Can They Improve Cybersecurity?” Microsoft (blog), June 29, 2017.

Organization for Security and Co-Operation in Europe. Transnational Threats Department. The Role of OSCE Confidence -Building Measures in Addressing Cyber/ICT Security Challenges to Critical Infrastructure. 2018. 1-19.

Papp, Robert G. “Kennan Cable No. 41: A Cyber Treaty With Russia.” Wilson Center, March 29, 2019.

Sharikov, Pasha. “Policy Brief: Cybersecurity in Russian-U.S. Relations.” Center for International and Security Studies at Maryland, April 2013, 1-6.

Stauffacher, Daniel, and Camino Kavanagh. “Cyber Policy Process Brief: Confidence Building Measures and International Cyber Security.” ICT4Peace Foundation, 2013, 3-21.

The White House. Office of the Press Secretary. “FACT SHEET: U.S.-Russian Cooperation on Information and Communications Technology Security.” Press release, June 17, 2013.

The White House. Office of the Press Secretary. “Joint Statement on the Inaugural Meeting of the U.S.-Russia Bilateral Presidential Commission Working Group on Threats to and in the Use of Information and Communication Technologies (ICTs) in the Context of International Security.” Press release, November 22, 2013.

The Cyber Index: International Security Trends and Realities. New York, NY: United Nations Institute for Disarmament Research, 2013.

Van Epps, Geoff. “Common Ground: U.S. and NATO Engagement with Russia in the Cyber Domain.” Partnership for Peace Consortium of Defense Academies and Security Studies Institutes 12, no. 4 (Fall 2013): 15-50.

[1] McConnell, Bruce W., Pavel Sharikov, and Maria Smekalova. “Policy Brief: Suggestions on Russia-U.S. Cooperation in Cybersecurity.” East West Institute, no. 11 (May 2017): 2-12.

[2] Sharikov, Pasha. “Policy Brief: Cybersecurity in Russian-U.S. Relations.” Center for International and Security Studies at Maryland, April 2013, 1-6., 2.

[3]  NATO Cooperative Cyber Defence Centre of Excellence. Confidence Building Measures for Cyberspace – Legal Implications. By Dr. Katharina Ziolkowski. 2013. 5-93., 12.

[4] Ibid, 12.

[5] Healey, Jason, John C. Mallery, Klara Tothova Jordan, and Nathaniel V. Youd. “CONFIDENCE-BUILDING MEASURES IN CYBERSPACE: A MULTISTAKEHOLDER APPROACH FOR STABILITY AND SECURITY.” Atlantic Council: Brent Scowcroft Center on International Security, November 2014, 1-19., 5

[6] Stauffacher, Daniel, and Camino Kavanagh. “Cyber Policy Process Brief: Confidence Building Measures and International Cyber Security.” ICT4Peace Foundation, 2013, 3-21., 3.

[7] Healey et. al., 1.

[8] Nicholas, Paul. “What Are Confidence Building Measures (CBMs) and How Can They Improve Cybersecurity?” Microsoft (blog), June 29, 2017.

[9] Ibid, n.p.

[10] Ibid, n.p.

[11] Ibid, n.p.

[12] The White House. Office of the Press Secretary. “FACT SHEET: U.S.-Russian Cooperation on Information and Communications Technology Security.” Press release, June 17, 2013.

[13] The White House. Office of the Press Secretary. “Joint Statement on the Inaugural Meeting of the U.S.-Russia Bilateral Presidential Commission Working Group on Threats to and in the Use of Information and Communication Technologies (ICTs) in the Context of International Security.” Press release, November 22, 2013.

[14] Ibid, n.p.

[15] Ibid, n.p.

[16] Ibid, n.p.

[17] Ibid, n.p.

[18] Borghard, Erica D., and Shawn W. Lonergan. “Confidence Building Measures for the Cyber Domain.” Strategic Studies Quarterly 12, no. 3 (Fall 2018): 10-49., 31.

[19] Stauffacher et al, 7.

[20] Ibid, 7-8

[21] Ibid, 8

[22] Healey et al, 7.

[23] Ibid, Executive Summary.

[24] Ibid, 7.

[25] Ibid, 7

[26] Ibid, 9

[27] Ibid, 9.

[28] Gady, Franz-Stefan, and Greg Austin. “Russia, The United States, And Cyber Diplomacy: Opening the Doors.” East West Institute, 2010, 1-19., 17.

[29] Ibid, 17

[30] Ibid, 17

[31] Ibid, 17

[32] Ibid, Executive Summary.

[33] Van Epps, Geoff. “Common Ground: U.S. and NATO Engagement with Russia in the Cyber Domain.” Partnership for Peace Consortium of Defense Academies and Security Studies Institutes 12, no. 4 (Fall 2013): 15-50., 37.

[34] McConnell et al, 7.

[35] Van Epps, 47.

[36] Ibid, 47-8.

[37] Healey et al., 4.

[38] Ibid, 4.

[39] Ibid, 4

[40] Van Epps, 48.

[41] McConnell et al, 10.

[42] Ibid, 10.

[43] Ibid, 11

[44] Ibid, 12.

[45] Papp, Robert G. “Kennan Cable No. 41: A Cyber Treaty With Russia.” Wilson Center, March 29, 2019., n.p.

[46] The Cyber Index: International Security Trends and Realities. New York, NY: United Nations Institute for Disarmament Research, 2013., 135.

[47] Papp, n.p.

[48] Ibid, n.p.

[49] Borghard and Lonergan, 33

[50] Ibid, 33.

[51] Ibid, 33

[52] Ibid, 33-34

[53] Organization for Security and Co-Operation in Europe. Transnational Threats Department. The Role of OSCE Confidence -Building Measures in Addressing Cyber/ICT Security Challenges to Critical Infrastructure. 2018. 1-19., 3.

[54] Healey et al, 14.

[55] Ibid, 15.

[56] Ibid, 15

[57] Ibid, 13

[58] Healey et al., 15.

[59] Ziolkowski, 30.

[60] Ibid, 30

[61] Borghard and Lonergan, 16

[62] Ibid, 16

[63] Grisgby, Alex. “Russia Wants a Deal with the United States on Cyber Issues. Why Does Washington Keep Saying No?” Council on Foreign Relations, August 27, 2018., n.p.

[64] Ibid, n.p.

[65] Ibid, n.p.

[66] Papp, n.p.

[67] Gady and Austin, 19.

Nations over the years have been hit with the growing challenges that stem from securing cyberspace. Cybersecurity encompasses a range of aspects – governance, policy, operations, technical, and legal.[1] The Internet has essentially become the “backbone” of business, critical infrastructure, social networks, and the global economy. As a result, many nations are looking into launching digital strategies that help stimulate economic growth, promote productivity and efficiency, to enhance workforces and provide skills training, and to promote good governance.[2] Additionally, nations are looking into securing their technology and critical infrastructure, as there are rapidly evolving cyber threats that leave countries more vulnerable to property damage, data and intellectual property threat, and service disruption.[3]

To make the process of launching a cyber strategy as simple as possible, the International Telecommunication Union (ITU) released the “Guide to Developing a National Cybersecurity Strategy: Strategic Engagement in Cybersecurity,” a guide targeted at policymakers, as well as other private and public stakeholders, that outlines the principles and good practices that should be included in the process of developing a National Cybersecurity Strategy.[4] The ITU Guide explains that states must align their national economic visions with their national security priorities – otherwise, countries will not be able to fully achieve the growth and security they are seeking.[5] In September 2018, the Trump Administration released the National Cyber Strategy for the United States as a response to both prevent and combat American competitors and adversaries from causing significant damage to the economies, allies, and interests of the U.S. and its allies through the cyberspace. This paper will assess and grade the U.S.’s National Cyber Strategy using the guidelines of the ITU Guide and will determine if the United States has created an effective Cyber Strategy based on the recommendations of the ITU.

One key strength of the United States National Cyber Strategy is that it respects and is consistent with fundamental human rights. The ITU Guide writes that any strategy must recognize that the rights of people offline should be equally protected online, and should “respect universally agreed fundamental rights,” with particular attention paid to “freedom of expression, privacy of communications and personal-data protection.”[6] The promotion of Internet freedom is not a new one for the United States, as it was a critical issue for both the Bush and Obama administrations.[7] This latest National Cyber Strategy outlines the protection of promotion of Internet freedom as a priority action, writing that human rights and fundamental freedoms, including freedoms of expression, association, religion, and privacy rights online, should be respected regardless of frontiers or medium.[8] The United States’ Strategy also outline that Internet freedom, by extension, supports the free flow of information that enhances international trade, fosters innovation, and strengthens our national and international security.[9] The Strategy also advocates working with like-minded countries, industry, academia, and civil society to advance human rights and Internet freedom globally, and to counter authoritarian efforts to suppress these rights.[10] Additionally, the Strategy promotes that the United States will actively engage with multilateral and international organizations, including the United Nations, Intergovernance Forum, and the ITU, to “defend the open, interoperable nature of the Internet.”[11]

Another strength of the National Cyber Strategy of the United States is that it promotes the development of a superior cybersecurity workforce through skills development and workforce training. The ITU guide outlines that any national strategy needs to address the development of cybersecurity training and skills-development schemes in the public and private sectors alike, through efforts such as executive and operational training, technical training, and certification of security professionals based on the government’s needs.[12] The ITU guide also suggests fostering initiatives aimed at developing cybersecurity career paths for workers in the public sectors, and incentives to increase the supply of qualified cybersecurity professionals. [13]

The United States National Cyber Strategy outlines four priority actions within this pillar:

• Building and sustaining the talent pipeline: This action details the United States investing and enhancing programs that build the domestic talent pipeline, as well as merit-based immigration reforms to ensure that the United States has a competitive cybersecurity and technology workforce;
• Expanding reskilling and educational opportunities for America’s workforce: This section proposes cooperation between the Administration and Congress to promote and reinvigorate educational and training opportunities related to cybersecurity. The Strategy outlines expanding Federal recruitment, training, and re-skilling workers from other background.
• Enhancing the federal cybersecurity workforce: This section states that the Administration will continue utilizing the already-existing National Initiative for Cybersecurity Education (NICE) Framework to allow for a standardized approach for identifying, hiring, developing, and retaining the cybersecurity workforce.
• Using executive authority to highlight and reward talent: This section outlines that the Federal government will leverage public-private collaboration to circulate the NICE framework across several industries, also implementing actions to prepare, grow, and sustain America’s cybersecurity workforce over time.[14]

Another strength of the National Cyber Strategy of the United States is that it encourages inter-sectoral cooperation. The ITU Guide outlines that identifying a network of contact points across various industries (including the private sector and other national stakeholders) is essential for the operation and recovery of critical services and infrastructure.[15] The National Cybersecurity Strategy of the United States proposes utilizing a risk-management approach, in partnership with the private sector, to mitigate vulnerabilities to raise the base level of cybersecurity across critical infrastructure.[16] The Strategy also proposes the federal government collaborating with the private sector, academia, and civil society to identify, counter, and prevent foreign influence operators from using digital platforms for malign purposes.[17]

Despite its strengths, however, the National Cyber Strategy of the United States has some significant flaws. One of the biggest criticisms of United States’ Strategy is that it fails to identify a lead project authority to oversee the development and execution of the Strategy. The ITU Guide stresses that any national cybersecurity strategy should be “…coordinated by a single, competent authority…[appointing] an either pre-existing or newly created public entity, such as a ministry, agency, or a department, to lead the development of the Strategy.”[18] The ITU Guide writes that this “Lead Project Authority” is a critical asset in several areas of a National Cybersecurity Strategy, including engaging with key stakeholders from the public and private sectors and civil society, labeling potential gaps in policy and options for addressing them, identifying specific initiatives within focus areas that will help meet the objectives of the Strategy, specifying which government agencies are responsible and accountable for each initiative, and securing the human and financial resources necessary for different projects and initiatives.[19]

Microsoft’s “Building an Effective National Cybersecurity Agency” reflects a similar sentiment, stating that a single agency that is solely dedicated to managing cybersecurity at the national level is the most effective way to manage the security of civilian agencies, critical infrastructure, and national level incident response.[20] Microsoft’s guide outlines further, Governments have limited time, expertise and resources to deal with the range of threats they face. Bringing core national level functions for coordination, standards setting, incident response, partnership and  international outreach into one agency will allow governments to prioritize their limited resources.[21]

Since cybersecurity concerns cut across several policy and regulatory branches, including justice, treasury, defense, and foreign affairs, having a single cybersecurity agency that supports other relevant agencies in these branches can help improve the effectiveness of a government-wide cybersecurity strategy.

The way the United States’ National Cybersecurity Strategy is outlined, there is no singular overarching agency or department that is dedicated solely to cybersecurity. Instead, the Administration appears to take the lead on facilitating and/or overseeing some of the initiatives outlined in the Strategy while delegating other initiatives to various departments and/or agencies, as well as the private sector and civil society. This means each department, agency, private sector organization or civil society actor(s) is making their own decisions and taking their own approaches to the implementation of the strategy. According to Microsoft, this fragmented approach to structuring a cyber strategy “will inevitably create weaknesses that attackers can exploit.”[22]

Another criticism of the National Cyber Strategy of the United States that directly stems from the lack of a lead project authority is that in terms of intra-governmental cooperation, the Strategy does not clearly outline which department or agency will take the lead on priority areas and initiatives. The ITU Guide writes that, “Intra-governmental commitment, coordination and cooperation are core functions of those governmental institutions, needed to ensure that the governance mechanisms…and resources yield the desired outcomes of the Strategy.”[23] Additionally, effective communication and coordination between government agencies ensures that the agencies are aware of each other’s authorities, missions, and tasks.[24]

On the surface level, the Strategy does encourage intra-governmental cooperation.  For example, one of the Strategy’s ideas to secure federal networks and information is improving federal supply chain risk management. As this idea outlines, the Trump Administration will integrate supply chain risk management into agency procurement and risk management processes by ensuring better information sharing among departments and agencies to improve awareness of supply chain threats and reduce duplicative supply chain services.[25] Another priority action the Strategy outlines is refining the roles, responsibilities, and expectations of the various Federal agencies and departments related to issues of cybersecurity risk management and incident response.[26] This clarity, the Strategy writes, “…will enable proactive risk management that comprehensively addresses threats, vulnerabilities, and consequences…[and] will also identify and bridge existing gaps in responsibilities and coordination among Federal and non-Federal incident response efforts and promote more routine training, exercises, and coordination.”[27]

However, upon inspecting further, it becomes noticeable that the Strategy does not explicitly go into detail on which departments and agencies will take the lead on particular assignments. For example, in the section that calls for improving federal supply chain risk management, one suggestion the U.S. Strategy outlines is creating a supply chain risk assessment shared service, which would include addressing deficiencies in the Federal acquisition system. This section mentions that the Administration will integrate this management into “agency procurement,” but it is not specified which agency specifically would be in charge of creating and running this shared service.[28] Another section that lacks clarification is the section on combatting cybercrime and improving incident reporting. The Strategy outlines that the Trump administration will ensure that Federal departments and agencies have the “necessary legal authority and resources to combat transnational cybercriminal activity;” however, this does not provide much insight into which departments and agencies will have that legal authority, nor does it specify which department or agency will combat what particular transnational cyber crime.[29] This lack of specificity can be damaging in the event of a transnational cyber crime, because confusion which Federal department or agency has the authority over what issue could lead to political infighting and the potential for a blame game to erupt over which department, agency or actor is responsible for defending the nation from a particular attack or fixing the damage in the aftermath of one.

Another serious criticism of the National Cyber Strategy of the United States is that there is an absence of outlined funding mechanisms for the projects the Federal Government proposes. The ITU guide outlines several stages of the cybersecurity strategy development process where outlining funding requirements and mechanisms are particularly important. When planning the development of the strategy, identifying the human and financial resources is necessary to determine the sustainability and survivability of the strategy. Whether the money comes from reallocated dedicated funding streams in existing budgets or through new funding from third parties (e.g. international organizations), it is important for a cyber strategy to outline these mechanisms – without monetary funds, the strategy will collapse.[30] Additionally, the ITU guide outlines that identifying and securing long-term funding for the full lifecycle of the national cybersecurity strategy is particularly important throughout the development, implementation, and refinement stages of the planning process.[31] As the guide explains, “Sufficient, consistent, and continuous funding provides the foundations for an effective national cybersecurity posture.”[32] Additionally, budget allocation should match the level of ambition and complexity of the outlined project.[33]

While the National Cyber Strategy of the United States does briefly mention that the National Security Council staff will coordinate with departments, agencies, and the Office of Management and Budget (OMB) to create an appropriate resource allocation plan, this step should have been taken during the initial stages of mapping out the Strategy before its release, as many of the projects outlined in the National Cyber Strategy of the United States are likely to be costly.[34] For example, one section of the Strategy highlights a critical need to improve transportation and maritime cybersecurity, as the United States’ current infrastructure is vulnerable to cyber exploitation. The Federal Government proposes “…[accelerating] the development of next-generation cyber-resilient maritime infrastructure.”[35] This section does not specify how much this new maritime infrastructure will cost. Not knowing the costs of a project and what financial resources it requires could lead to resource mismanagement, as well as increase the potential for wasteful spending.

Another criticism of the National Cyber Strategy of the United States is that it says little about the metrics or indicators that could keep the federal government accountable for what is outlined in the Strategy. The ITU guide states that any National Cybersecurity Strategy must identify the metrics that will be used to ensure that desired outcomes are achieved within set budgets and timelines.[36] Examples of these key performance indicators or metrics should be:

• Specific – target a specific area for improvement
• Measureable – quantify or at least suggest an indicator of progress
• Achievable – state what results can realistically be achieved, given available resources
• Responsible – specify who will do it
• Time related – specify when results can be achieved.[37]

Establishing a set of baseline metrics “…will enable better monitoring of actions and highlight areas of potential improvement.”[38] Additionally, these metrics can help the government evaluate the efficiency and effectiveness of the initiatives within the strategy both during and following their completion.[39]

Within these metrics, outlining a timeline is particularly important. The National Cyber Strategy of the United States fails to outline any sort of timeline for both the objectives and the implementation timeline of the Strategy. Having a set timeline for any National Cybersecurity Strategy is critical in the initiation, production, implementation, and monitoring and evaluation phases of producing a strategy. Having a timeframe for adoption is critical for planning the development of the strategy, as it specifies how and when relevant stakeholders will be expected to participate and provide feedback to the development process. Having a set timeframe also provides the government with a plan on when set objectives should be accomplished, and can help relevant actors prioritize these objectives in terms of impact on society, the economy, and infrastructure.[40] Furthermore, a timeline will drive the allocation of resources that are required to support these activities and incentivize implementation efforts, as a timeline will provide relevant actors the information on which actions or projects need to be prioritized in terms of short-term and long-term criticality. As a result, this can help relevant actors ensure that limited resources are appropriately leveraged.[41]

Having a set timeline is also useful for evaluating the outcomes of the strategy. As mentioned above, the cybersecurity landscape is constantly changing. Broader risk evaluation will need to occur regular to understand if there are any external events or policies that may affect the overall outcomes of the Strategy. Having a set timeline can help the federal government reassess and reorganize priorities and objectives in the event that it is necessary. Additionally, setting a timeline in the initiation phase will help in this review, as it will provide the federal government keep track of the Strategy’s project and whether its goals are being met. In the event that a certain project is not expected to meet its timeframe of completion, the federal government can have an easier time assessing why the project will not be completed in its projected timeslot, whether it is because it does not have the adequate resources or if an external event has prevented the project from being completed in time. This will help keep the federal government accountable for its goals.

On the surface level, the National Cyber Strategy of the United States has high expectations that appear to cover a broad range of issues, including securing federal networks and information, invest in next-generation infrastructure, and deter malign actors in cyberspace. The Strategy does have some standout ideas – it is firm in its demand for respect for human rights and Internet freedom, provides a wide range of ideas for investing in and promoting a strong cybersecurity workforce, and encourages cooperation across various sectors, including the private sector, academia, and civil society. However, as outlined above, there are a few glaring errors with the National Cyber Strategy. The lack of a leading authority, lack of clarification over which department or agency has control over what projects and goals, the absence of any funding mechanism or resource allocation, and the failure to identify any set of metrics or timeline to evaluate the Strategy’s success are all serious concerns. Given all of these errors, the National Cyber Strategy of the United States deserves a grade of C-  – the Strategy just barely passes because it is ambitious in its goals and does a decent job at setting the surface level for what is necessary for an effective cyber strategy; however, the lack of specificity and detail could end up being a significant hindrance to the success of the National Cyber Strategy overall.

Works Cited

Building an Effective National Cybersecurity Agency. Microsoft, 2017.

 Grigsby, Alex. “The White House National Cyber Strategy: Continuity with a Hint of Hyperbole.” Council on Foreign Relations, October 8, 2018.

GUIDE TO DEVELOPING A NATIONAL CYBERSECURITY STRATEGY: STRATEGIC ENGAGEMENT IN CYBERSECURITY. Geneva, Switzerland: International Telecommunication Union (ITU), 2018.

National Cyber Strategy of the United States of America. 2018. 1-26.

[1] GUIDE TO DEVELOPING A NATIONAL CYBERSECURITY STRATEGY: STRATEGIC ENGAGEMENT IN CYBERSECURITY. Geneva, Switzerland: International Telecommunication Union (ITU), 2018.

[2] Ibid 12

[3] Ibid, 12

[4] Ibid, 8

[5] Ibid, 12

[6] Ibid, 32

[7] Grigsby, Alex. “The White House National Cyber Strategy: Continuity with a Hint of Hyperbole.” Council on Foreign Relations, October 8, 2018., n.p.

[8] National Cyber Strategy of the United States of America. 2018. 1-26., 24.

[9] Ibid, 26

[10] Ibid, 26

[11] Ibid, 25

[12] GUIDE TO DEVELOPING A NATIONAL CYBERSECURITY STRATEGY: STRATEGIC ENGAGEMENT IN CYBERSECURITY., 32

[13] Ibid, 45

[14] National Cyber Strategy of the United States of America, 17

[15] GUIDE TO DEVELOPING A NATIONAL CYBERSECURITY STRATEGY: STRATEGIC ENGAGEMENT IN CYBERSECURITY., 37

[16] National Cyber Strategy of the United States of America, 8

[17] Ibid, 21

[18] GUIDE TO DEVELOPING A NATIONAL CYBERSECURITY STRATEGY: STRATEGIC ENGAGEMENT IN CYBERSECURITY., 17

[19] Ibid, 22-25

[20] Building an Effective National Cybersecurity Agency. Microsoft, 2017., 10

[21] Ibid, 10

[22] Building an Effective National Cybersecurity Agency. Microsoft, 10.

[23] GUIDE TO DEVELOPING A NATIONAL CYBERSECURITY STRATEGY: STRATEGIC ENGAGEMENT IN CYBERSECURITY., 37

[24] Ibid, 37

[25] National Cyber Strategy of the United States of America, 7

[26] Ibid, 8

[27] Ibid, 8

[28] Ibid, 7

[29] Ibid, 19

[30] GUIDE TO DEVELOPING A NATIONAL CYBERSECURITY STRATEGY: STRATEGIC ENGAGEMENT IN CYBERSECURITY., 19

[31] Ibid, 19

[32] Ibid, 38

[33] Ibid, 26

[34] National Cyber Strategy of the United States of America, 3

[35] Ibid, 10

[36] GUIDE TO DEVELOPING A NATIONAL CYBERSECURITY STRATEGY: STRATEGIC ENGAGEMENT IN CYBERSECURITY., 14

[37] Ibid, 26

[38] Ibid, 26

[39] Ibid, 25

[40] GUIDE TO DEVELOPING A NATIONAL CYBERSECURITY STRATEGY: STRATEGIC ENGAGEMENT IN CYBERSECURITY., 23

[41] Ibid, 25

This past week in my International Security class, we discussed the United States and international order, grand strategy, and the balance of power in the international arena. The idea of the balance of power is simple – the theory suggests that international security can only be achieved within an arena where no state has a significant military advantage over another. If one state were to become significantly stronger than another, that state will become aggressive and attack weaker neighboring states in an attempt to take control, which in turn can spill over into conflict.

Some historians and political scientists have argued that the practice of balancing power has led to conflict in the past, citing all of the wars that occurred in Europe between the Peace of Westphalia in 1648 and the Congress of Vienna in 1815, as well as World War I. Critics of the theory have argued that the balance of power principle does not go far enough in terms of recognizing themes of ideology and identity as being crucial for determining threat perception.

Below is an essay I wrote while I was at Oxford, discussing whether the balance of power theory allows for a more peaceful world, or whether it inevitably leads to conflict.

_______________________________________________________________________________

Does the balance of power guarantee the independence of nations, or does the balance of power cause war? The answer to this question, according to Martin Wight, is both. There is a plethora of historical evidence to suggest states will always pursue self-preservation – this constant pursuit is essentially the idea of the balance of power.[1] In order to preserve themselves, states will often build up armies, colonize various indigenous lands across the world, both to obtain more resources and to show that their armies and governments were powerful enough to be imperialists, and create alliances to balance each other out. However, there is a bit of a self-fulfilling prophecy within the operation of the balance of power – as states build up, it leads to other states inherently become less secure, thus creating the risk of potential conflict. Therefore, it was the operation of the balance of power that led to the outbreak of the First World War.

It is first important to define what the balance of power really is. Our world is anarchic and lacks any sort of overarching central authority that has a legitimate use of force above states – so how does international relations remain stable? The anarchic system itself is inherently what causes wars because there is no authority that can prevent wars from occurring.[2] Robert Jervis explains that conflict is generated by the security dilemma, which means tensions between states are created through the ways that states try to guarantee their own security.[3] Armies and alliances, which are both tactics that individual states can build up to protect themselves, in turn make other states feel threatened and less secure.[4] Martin Wight explains, “….so long as the absence of international government means that powers are primarily preoccupied with their survival, so long will they seek to maintain some kind of balance between them.”[5]

The theory of the balance of power is exactly what keeps international politics still in check. Even if any given nation state gains enough power to menace other strong states, it would be self-defeating – since other states will naturally feel threatened by the sudden rise of a single overarching hegemon, a counter-balancing coalition will build up that will automatically restrain that state.[6] The balance of power theory argues that as long as states seek survival, any individual state can ally with other states in response to external threats, and are willing to resort to war if needed – thus, none will be able to dominate the international arena and then other forms of restraint and stability with come into play.[7] Stability and restraint primarily arise through states’ constant desire for survival and autonomy. This leads states to join together temporarily in order to stop a potential hegemon from rising, “even if they have severe conflicts with each other and even if many would like to be hegemons themselves.”[8]

However, with all of that being said, there is a bit of a self-fulfilling prophecy within the balance of power. According to Robert Jervis, “the balance of power has within it the seeds of its own destruction.”[9] Joseph Nye explains that the distribution of power among states in any given international system is a good predictor of states’ behaviors.[10] Geopolitics, according to Nye, teaches us how states behave, and this has historical accuracy tied to it – half of the military conflicts between 1816 and 1992 began between neighbors, because a states that feels threatened by its neighbor is likely to act in accords with the idea that “the enemy of my enemy is my friend.”[11] This is applicable to the start of the First World War.

The creation of Great Power alliances and alignments – and their subsequent transformation in the international arena – were a key spark in the 1914 outbreak of war. According to Antony Best, the “overly rigid alliances” created in the middle and end of the 19^th century prevented the “proper functioning” of the balance of power, and somewhat ensured that what normally would have been an isolated crisis in the Balkans ended up turning into an all-out war. [12]

According to Wight, whenever there are three or more great powers or blocs that are not tied by alliances, this is said to be a multiple balance. In this case, the balance between all the great powers resembles a sense of equilibrium, because there are multiple powers or blocs that are dividing up the power in the international arena. This accurately describes 18^th century Europe – in Western Europe and overseas on the Atlantic, there was a balance between Great Britain, France, and Spain. In Eastern Europe, there was a balance between Austria, Russia, Prussia, Sweden, and Turkey. Furthermore, there were subordinate alliances among Germany, Italy, and all of their respective states.[13]

Over the years, there were a series of ups and downs with the Empires, and the Vienna Settlement of 1814 was an attempt to restore that. Great Britain had unchallenged supremacy outside of Europe due to its high naval supremacy. Russia had Poland. Austria was dominant in Italy. Prussia was given to the Rhineland. Eventually, France was able to resume its great power status.[14] According to Wight, multiple balance only lasts as long as no conflict of interests arise to create any schism between the great powers. In the instance that this occurs, the powers divide.[15] The multiple balance, in turn, resolves itself into a simple balance, with Wight describing this power balance as a “see-saw” rather than a “merry-go-round.” In the era of a simple balance, there are heightened tensions, a race in armaments, and an “uneasy oscillations of the balance of power which are called crises.”[16]

The Franco-Russian alliance of 1894 was initially built only out of restraint, not aggression, and the “Dual Alliance” between Britain and France in 1904 was intended to stabilize the European status quo.[17]^,[18] However, the original stabilizing character of these alliances eroded by 1904-1905. Additionally, the Triple Alliance of Germany, Austria-Hungary, and Italy was formed in 1882 and renewed in 1907. Britain settled its quarrels with France and Russia by concluding ententes, and Germany eventually grew increasingly more isolated. At this point, the Great Power politicians realized they could no longer afford to risk restraining allies in fears of undermining alliances, because at this point, the Great Powers began to look more towards violent solutions to security threats – thus, allies were becoming increasingly more necessary.[19] Alliances are a crucial factor in the balance of power, and are a tactic that is frequently used by states to ensure that there is a balance of power. It was the individual states within these alliances coming to blows with one another – working within the theory of the balance of power – that eventually led to the outbreak of the First World War.

The original and most basic meaning of the term “balance of power” refers to “an even distribution of power, a state of affairs in which no power is so preponderant that it can endanger the other.”[20] What is crucial here is the part where no power becomes so dominant that it endangers those states around that particular power. Another crucial point of the balance of power theory is the idea that states are always inherently self serving and are seeking protection for themselves. What is tied to this idea is the idea of national interests. Joseph Nye ties the idea of national interests into international relations theory. First, realists believe that states have little choice in defining their national interests due to the inherent nature of the international system – states have to define their interests in terms of the balance of power or else they will not survive. To put it simply – a state’s position within the international arena will determine its national interests and predicts it foreign policies.[21] Liberals and constructivists, on the other hand, will argue that national interests are defined by much more than the state’s position in the international arena. Nye expands on this, explaining that the definition of national interests depends primarily on the domestic society and culture of a given state.[22]

As stated above, states are always self-serving, for the sake of self-preservation and security. Beginning in the late 19^th century and going until the beginnings of World War I, European powers – including Britain, France, Germany, Russia, and Austria Hungary – began to build up military armaments in significant numbers. This was done out of a sense of security, because security is a national interest of each European power. Germany’s mass armament, in particular, caused mass panic across the European powers. Following the unification of Germany, the state was under the control of the Kaiser, the “supreme war lord.”[23] The Kaiser had a personal military staff which operated independently of the civil and naval staffs – thus, it was possible for military decisions to be taken without the knowledge of any of the other branches of government.[24] This ended up being a crisis itself, as there was no coordination between the German army and the navy. With the formation of the Franco-Russian alliance, the German army’s strategy and buildup was based on the need to fight a war on two separate fronts.[25] At the same time, the navy based their strategy around planning a war against Britain.[26] The Germans began building a series of naval fleets in an attempt to defeat the naval hegemony of the British Empire, which had gone mostly unchallenged.[27] The result of the lack of coordination between the two branches of the military and their own interests, as well as the further lack of coordination with the Kaiser, Germany found themselves encircled by their enemies by 1914.[28] The Anglo-German naval rivalry that emerged from Germany’s fleet buildup ended up being a major factor for Britain backing the French in Morocco and aligned Britain with Russia in Russia’s struggle with Austria-Hungary for control of southeast Europe.[29] Furthermore, the British regarded Germany’s naval buildup as a direct threat to their naval hegemony and their worldwide empire, and the result was that the British, too, began to increase the speed of their naval buildup.[30] In Germany’s acts of self-preservation and national interest, which is inherently a part of the balance of power, it, in turn, led to increasing discomfort and a decrease in security in the states surrounding Germany, thus leading to other states – most notably, Great Britain – into also building up in response. Thus, with the operation of the balance of power, came significant military tensions that eventually led to the outbreak of the First World War.

There is no viable alternative to the balance of power – a world without it is simply universal anarchy or universal dominion.[31] However, while the balance of power is certainly the most viable and the best outcome, it does not mean that the balance of power itself is not dangerous. In the case of World War I, the very cases of the states creating alliances – the British, the French, and eventually the Russians against Germany, Austria-Hungary, and Italy – as well as the military buildup of states such as Germany, both of which are aspects of the balance of power theory, inherently made the European arena even more insecure, despite the best attempts at keeping the continent as secure and with as little tension as possible.

_______________________________________________________________________________

Works Cited

Best, Antony. International History of the Twentieth Century and Beyond. Abingdon: Routledge, 2008.

Jervis, Robert. “A Political Science Perspective on the Balance of Power and the Concert.” The American Historical Review 97, no. 3 (1992)

Joll, James, and Gordon Martel. The Origins of the First World War. 1992.

Nye, Joseph S. Understanding International Conflicts: An Introduction to Theory and History. New York: Pearson Longman, 2009.

Wight, Martin. Power Politics. New York: Continuum, 1978.

_______________________________________________________________________________

[1] Wight, Martin. Power Politics. New York: Continuum, 1978.

[2] Jervis, Robert. “A Political Science Perspective on the Balance of Power and the Concert.” The American Historical Review 97, no. 3 (1992)

[3] Ibid, 717

[4] Ibid, 717

[5] Wight, 184

[6] Jervis, 717

[7] Ibid, 717

[8] Ibid, 718

[9] Ibid, 720

[10] Nye, Joseph S. Understanding International Conflicts: An Introduction to Theory and History. New York: Pearson Longman, 2009.

[11] Ibid, 34

[12] Best, Antony. International History of the Twentieth Century and Beyond. Abingdon: Routledge, 2008.

[13] Wight, 164

[14] Ibid, 170

[15] Ibid, 170

[16] Ibid, 170

[17] Best, 18

[18] Nye, 56

[19] Best, 18

[20] Wight, 173

[21] Nye, 50

[22] Ibid, 50-1

[23] Joll, James, and Gordon Martel. The Origins of the First World War. 1992.

[24] Ibid, 73

[25] Ibid, 73

[26] Ibid, 73

[27] Ibid, 73

[28] Ibid, 73

[29] Ibid, 73

[30] Ibid, 79

[31] Wight, 184

Yesterday in my Social Movements class, we were discussing the successful rise of the far-right, and how this rise did not come as a surprise to any of us. In recent years, the radical right has been extremely successful in regards to framing their movement and their agenda, to the point where they are starting to influence across the political spectrum. Below is an essay I wrote for my Political Sociology tutorial at Oxford that breaks down the circumstances behind the rise of the radical right, and the reasons why it has been so successful.

A few things to note:

1. I wrote this essay just a few weeks after the election, so some things may not be 100% up to date.
2. As you will probably notice, this essay is generalized in the sense that it is not specific to the United States. Rather, it explains the rise of the radical right globally. These theories can be applied in both the United States and western Europe.

Why have some extreme-right parties been more successful than others in recent years?

            Over the past fifty years, political institutions across the world – from Europe to North America to Latin America – have undergone a fundamental shift in how internal politics are run. New political parties have emerged on the basis of particular issues, including immigration and regional autonomy.[1] According to Bonnie M. Meguid, these “niche” parties have threatened the electoral and governmental dominance of mainstream parties.[2] The growing electoral support of these groups has led to these groups gaining significant influence of the shape and nature of government coalitions, key policy decisions, and the electoral strategies of mainstream parties.[3] These third parties have made too many gains in too many countries to still be considered a simple passing phase or temporary phenomena that will eventually fade.[4]

Over the past several decades, new political parties have begun to flood political arenas in countries across the world. Meguid refers to these parties as niche parties, which differ from stereotypical parties in three distinct ways. Firstly, niche parties reject the traditional class-based orientation of politics.[5] Instead of prioritizing economics, niche parties politicize issues that they believe have been ignored or placed outside of the dimensions of traditional party competition.[6] For example, the Green Party first emerged in the 1970s to call attention to environmental protection and nuclear disarmament. Radical right parties emerged in the 1980s and 1990s demanding the protection of patriarchal family values and a somewhat nationalist, immigrant-free society.[7] Secondly, the issues raised by these parties often do not coincide with existing lines of political division.[8] Thirdly, niche parties often limit their issue appeals. Voters often perceive niche parties as single-issue parties – thus, they do not benefit from pre-existing partisan allegiances, which means that they have to rely on the salience and attractiveness of their single policy stance for voters.[9]

Since 1960, over 54% of green, radical right, and ethnoterritorial parties in Western Europe have held a seat in a national legislature.[10] Donald Trump was just elected President of the United States, attracting radical right-wing voters who were tired of the mainstream party system. Even in instances where niche parties have failed to attain seats, their electoral strength has subsequently gone on to influence the fortunes of others, such as the rise of the French radical right party, The Front National, being able to defeat the Socialist Party and the Gaullists in 1997 in France.[11] To give an overall picture – a study conducted regarding third party voting in Western Europe over time showed that in the early 1980s, third party support remained flat, with the radical right often being excluded from parliament due to failing to meet necessary vote thresholds.[12] A sudden surge gathered momentum in the mid-1980s onwards, until parties reached a slight plateau in the early 2000s. In summary – over those two decades, popular support for third parties almost tripled.[13] This leads to these third parties gaining significant advantages – after initial entries into local government or national parliaments, parties that have successfully been able to consistently consolidate support over successive elections are able to gradually gain status, resources, and legitimacy. This leads to these groups building grassroots party organizations, select better and/or more experienced candidates, and expand access to the media and to public campaign funding, all of which provides a springboard for even further advancement.[14] Access to legislative office then often provides resources such as access to public funding, political patronage, and media coverage between elections.[15]

What explains the rise of the radical right? An initial list includes ten distinct proposals:

1. A post-industrial economy
2. Dissolution of established identity / fragmentation of culture / multiculturalization
3. Emergence and/or growing salience of sociocultural cleavages
4. Widespread political discontent / disenchantment
5. Convergence between established parties in political arenas
6. Popular / widespread xenophobia / racism
7. Economic crisis and/or unemployment
8. Reaction against the emergence of New Left and/or Green parties/movements
9. A proportional voting system
10. Experience of a referendum that cuts across old party cleavages.[16]

However, these perspectives can be further categorized into three main schools. The first, and the most common approach, is the sociological approach, which emphasizes structural trends that alter popular demands within any given society, particularly those developments in regards to socioeconomics and political attitudes of the electorate, which in turn generate opportunities for new parties.[17] These accounts focus on long-term, “bottom up” conditions and secular trends in society as a whole – primarily the growth of a marginalized underclass in postindustrial economies, patterns of migration flows, and/or the expansion of long-term unemployment – which are all believed to have exacerbated public demand for these third parties who gear towards the “losers’ in affluent societies.[18] The radical right is strongest when there are five distinct conditions: a. new waves of immigration, asylum seekers, and refugees have raised public concerns about this issue; b. the electorate has become discontented with mainstream parties and there is widespread distrust of the political system; c. a breakdown in traditional class/religious cleavages that structure mainstream political affiliations and party loyalties; d. cultural backlash against the rise of postmaterial values; and/or e. cuts in the welfare state, growing levels of job insecurity, and rising unemployment generating newfound social risks and disadvantages.[19] These structural conditions are fairly persistent and enduring developments in society that constrain the behaviors of all actors within the political system.[20] The relationship between society as a whole and the parties involved involves some level of endogeneity – in the long term, public policies can transform society, e.g. through welfare cuts or legal restrictions on the influx of immigrants, asylum seekers, or refugees.[21] Politicians who want to shape or alter public opinion by utilizing populist rhetoric of the fear of “outsiders” can raise the salience of the issue within the political agenda. It is difficult to find the reasons behind the popular explanations. Some accounts blame increasing job insecurity and rising unemployment rates, with the assumption that radical right support is strongest among the poor and less-educated populations who are threatened by rapid socioeconomic changes.[22] Other studies emphasize the rise of a new social cleavage, in cases where the “politics of resentment” are concentrated among an “underclass” of low skilled, low-qualified workers in inner-city areas.[23] The politics of resentment also ties into the idea that populist rhetoric taps into public disaffection and distrust of the political system.[24]

A second model is the supply-side factor model. This approach suggests that the demand-side analysis above is too simplistic, and instead chooses to emphasize what parties can do through their own personal agency.[25] Supply-side approaches focus on patterns of party competition, including their placement on the ideological spectrum, as well as the actions taken by the radical right and the interaction of both of these factors.[26] This approach focuses primarily on the anti-immigrant and economic policies in radical right manifestos, as well as the communication channels and rhetorical strategies these parties use, the characteristics and popularity of their leadership, and the financial resources and organization of these parties.[27] Studies suggest that the spatial location of mainstream parties on the ideological spectrum constrains opportunities for the expansion of the radical right.[28] In countries where the major parties on the left and right converge in a more moderate center, as well as in societies where mainstream parties fail to address issues of immigration and economics that concern the electorate, this is when the radical right has the greatest chance to maximize their support.[29] Other studies have found that when mainstream parties attempt to coopt the radical right’s signature issues, it actually ends up legitimizing the radical right.[30]

The third approach is the more traditional approach of focusing on institutional contexts, particularly emphasizing formal electoral rules that constrain both supply and demand within the marketplace.[31] This model analyzes the formal and informal rules that determine the nomination, campaign, and election process, which then in turn influences both party supply and public demand.[32] These rules also set up thresholds for exclusion (i.e. the minimum share of the vote required to secure a seat).[33] What is less well established are the informal / indirect effects concerning how the legal rules shape the norms, attitudes, and behaviors of parties and citizens, including the calculations that are made in anticipation of how the formal mechanisms work – these effects include strategic contests, strategic campaign communications, and strategic voting.[34]

Which parties are successful and which ones are not? According to Elizabeth Carter, the parties that embraced an “authoritarian xenophobic, a neoliberal xenophobic or a neoliberal populist type of party ideology” were more likely to find electoral success than parties that adopted either a neo-Nazi or a neo-fascist ideology.[35] The most successful forms of right-wing extremist ideology are ones in which culturism (new racism) is favored over classical racism, and in which fundamental values, procedures, and institutions of the constitutional state are not full on rejected.[36] By contrast, those parties that embrace classical racism and call for a wholesale replacement of the existing democratic order face significantly less electoral success.[37] This suggests that parties that adhere to classical racism put off electorates. Parties that distinguish between groups mainly on the grounds of race rather than culture, that stress the inequality of the races, and that embrace major anti-Semitic beliefs are “beyond the pale” for large sections of the electorate.[38] On the other hand, parties that believe that differences exist between different groups of people on the basis of culture instead of race, and that stress the incompatibilities of different cultures, seem to be much more inviting to electorates.[39] Parties that also fully reject the existing democratic order and its institutions are seen as being too “extreme” for most voters – instead, these voters would prefer significant reform on the established system.[40]

The findings further indicated that party organization and leadership are extremely key factors in explaining why certain parties of the extreme right find electoral success while others do not. This arguably is the most important variable in explaining electoral success of these extremist parties.[41] Right-wing extremist parties that are well organized and have strong leadership perform better at the polls (an average of 6.5 percent more of the vote) than badly organized and poorly led extremist parties.[42] The data suggests that electorates are more willing to support parties that exhibit cohesion and coherence, thus presenting themselves as credible actors. Badly organized parties cannot always compete in all constituencies, thus limiting their ability to achieve high electoral scores before even reaching the electorate.[43]

The ideological positions of these parties also have a significant effect on the right-wing extremist party vote.[44] The more right wing the party of the mainstream right, the lower the right-wing extremist vote has to be.[45] Similarly, the degree of ideological convergence between the parties of the mainstream left and right influences the right-wing extremist vote in a significant way.[46] As the mainstream parties become more ideologically similar, the right-wing extremist party vote subsequently increases.[47] Convergence between the mainstream parties is more likely to result in anti-party sentiment within the electorate.[48] This allows right-wing parties to have a greater ability to play the “anti-establishment card” and to claim that if voters want change, then they have to vote for an extreme right candidate because voting for a mainstream party would maintain the status quo since they resemble each other so significantly.[49]

In conclusion, extreme right parties fill a very specific niche role, and have found a way to permanently disrupt the political order in countries around the world. The election of Donald Trump in the United States is the perfect example as to why we cannot ignore third party voters anymore. Third parties have often tailored their party’s messages in order to appeal to the masses that are upset at the current government, promising “real” change instead of continuing the status quo of a two-party system. By appealing to the “losers” of society, third parties have been able to make massive headways into political arenas.

[1] Meguid, Bonnie M. “Competition Between Unequals: The Role of Mainstream Party Strategy in Niche Party Success.” APSR American Political Science Review 99, no. 03 (2005): 347-59.

[2] Ibid, 347

[3] Golder, M. “Explaining Variation In The Success Of Extreme Right Parties In Western Europe:.” Comparative Political Studies 36, no. 4 (2003): 432-66.

[4] Norris, Pippa. Radical Right: Voters and Parties in the Electoral Market. New York, NY: Cambridge University Press, 2005.

[5] Meguid, 347

[6] Ibid, 347

[7] Ibid, 348

[8] Ibid, 348

[9] Ibid, 348

[10] Ibid, 347

[11] Ibid, 347

[12] Norris, 8

[13] Ibid, 8

[14] Ibid, 9

[15] Ibid, 9

[16] Rydgren, Jens. “WHY NOT IN SWEDEN? INTERPRETING RADICAL RIGHT POPULISM IN THE LIGHT OF A NEGATIVE CASE.” European Consortium for Political Research, 2001, 1-32.

[17] Norris, 10

[18] Ibid, 11

[19] Ibid, 11

[20] Ibid, 11

[21] Ibid, 11

[22] Ibid, 12

[23] Ibid, 12

[24] Ibid, 13

[25] Ibid, 13

[26] Ibid, 13

[27] Ibid, 15

[28] Ibid, 15

[29] Ibid, 15

[30] Ibid, 15

[31] Ibid, 11

[32] Ibid, 16

[33] Ibid, 16

[34] Ibid, 16

[35] Carter, Elisabeth L. The Extreme Right in Western Europe: Success or Failure? Manchester: Manchester University Press, 2005.

[36] Ibid, 210

[37] Ibid, 210

[38] Ibid, 210

[39] Ibid, 210

[40] Ibid, 210

[41] Ibid, 210

[42] Ibid, 205-7

[43] Ibid, 210

[44] Ibid, 207

[45] Ibid, 207

[46] Ibid, 207

[47] Ibid, 207

[48] Ibid, 211

[49] Ibid, 211

Works Cited

Carter, Elisabeth L. The Extreme Right in Western Europe: Success or Failure? Manchester: Manchester University Press, 2005.

Golder, M. “Explaining Variation In The Success Of Extreme Right Parties In Western Europe:.” Comparative Political Studies 36, no. 4 (2003): 432-66.

Meguid, Bonnie M. “Competition Between Unequals: The Role of Mainstream Party Strategy in Niche Party Success.” APSR American Political Science Review 99, no. 03 (2005): 347-59.

Norris, Pippa. Radical Right: Voters and Parties in the Electoral Market. New York, NY: Cambridge University Press, 2005.

Rydgren, Jens. “WHY NOT IN SWEDEN? INTERPRETING RADICAL RIGHT POPULISM IN THE LIGHT OF A NEGATIVE CASE.” European Consortium for Political Research, 2001, 1-32.

There’s a video currently going around my Facebook newsfeed that brings up the question of privilege. For those of you who haven’t seen it, I’ll try to keep this as short as possible. In this video, a white man recalls a conversation he had with an African American man who cursed him out and told him off about his white privilege. The white man proceeded to tell his life story to this African American man, explaining the struggles of his past and his own lack of privilege in regards to his parents’ divorce, an abusive stepfather, an incarcerated sibling, etc., and that he worked his way out of these disadvantages to get to the point where he could afford a nice car. In the end, after a long discussion where the white man gives (in my opinion) somewhat patronizing advice to the African American man, the two end up hugging it out and they part ways.

I suppose the video is meant to be heartwarming and inspiring – that no matter where you come from, you can achieve anything – and the white man in this video did get out of a rough home situation to achieve great things. I cannot take that away from him.

However, this man is really missing a few key points about privilege – specifically, his white privilege.

Before I dive into this fully, I will say this: This is a very complex topic. I certainly can’t cover everything in one blog post – hell, I don’t think I’d be able to cover this topic in even five blog posts – but I’ll do the best I can to make this as concise as possible, and perhaps I’ll do a follow-up in the future.

Furthermore, for some, this might be an uncomfortable topic to confront. I can understand that. Some of you may get defensive and react with anger. I am ready and willing to accept that some people will be upset with me over this.

Let’s start with a few basic definitions.

Privilege, in the sociological sense, is the theory that society provides more rights and/or advantages to a specific group of people – this can be related to race, sex, age, gender identity, social class, or religion, just to name a few. This is the most basic definition of privilege that I can come up with. Privilege becomes a lot more complex when one considers these different inequalities together, and how certain people have more privileges than others. I’ll use myself and a close friend of mine as an example. I am a non-white, university-educated, heterosexual female. This close friend of mine is a white, university-educated gay male. I am disadvantaged due to my sex and my race, but I benefit from my sexuality since I am heterosexual, which fits society’s norms / is the dominant group. My friend is disadvantaged because of his sexuality, but benefits from his race and his sex, which are both dominant groups. We both further benefit from our education levels.

That explains privilege overall. Now, as I outlined above, this piece is only going to focus on white privilege. So…let’s back up a little bit.

Why did I bring up this video?

This video tries to make it seem that everyone starts out on equal footing, and that regardless of life circumstances, anyone and everyone can succeed if they just work hard.

That…is not the case.

Peggy McIntosh, in her highly influential work “White Privilege and Male Privilege: A Personal Account of Coming to See Correspondences through Work in Women’s Studies,” documents a detailed list of privileges that she, as a white person, has over her African-American colleagues. I won’t list all of the reasons here (I’ll include a citation to this article below), but some of the key ones include:

“7. When I am told about our national heritage or about “civilization,” I am shown that people of my color made it what it is.”

“10. I can be pretty sure of having my voice heard in a group in which I am the only member of my race.”

“16. I can be pretty sure that my children’s teachers and employers will tolerate them if they fit school and workplace norms; my chief worries about them do not concern others’ attitudes toward their race.”

“18. I can swear, or dress in second hand clothes, or not answer letters, without having people attribute these choices to the bad morals, the poverty or the illiteracy of my race.”

“35. I can take a job with an affirmative action employer without having my co-workers on the job suspect that I got it because of my race.”

“50. I will feel welcomed and “normal” in the usual walks of public life, institutional and social.” (McIntosh 3-4).

The “invisible knapsack” metaphor is important – McIntosh explains that the “invisible package of unearned assets” that is white privilege is something that she can “cash in” on each day which, as she explains, is “meant to remain oblivious.” (McIntosh 1). Essentially, white privilege within itself has special provisions that allow for white people to have an advantage of over non-white people in society. In her work “White Privilege and Male Privilege,” McIntosh takes this another step further, stating that these privileges allow white people to feel more “at home,” because they control society’s “cultural turf.” (McIntosh 6). In other words, McIntosh, as a white person, could consider herself “belonging” in major ways to society, and could “[make] social systems work for [her]” because she was a part of the main (read: white) culture. (McIntosh 6). McIntosh explains that as white members of society are made “confident, comfortable, and oblivious” due to their “invisible” privilege of being white, other members of society (read: those who are not white), are left “unconfident, uncomfortable, and alienated.” (McIntosh, 8). This “obliviousness about white advantage,” McIntosh rights, is “…strongly inculturated in the United States so as to maintain the myth of meritocracy, the myth that democratic choice is equally available to all.” (McIntosh 8).

Let me outline an example of the invisibility of white privilege – the school system. Below is a (slightly edited) excerpt of a final paper I wrote for my Race and Ethnic Minorities class at Case Western that outlines institutional racism and educational disparities among various racial/ethnic groups in the United States.

/////////

            Institutional racism is the most prominent type of racism, yet it is the hardest to see because it is not found in individual actions. Rather, it is found in everyday business practices and policies that disadvantage minorities and provide advantages to members of the dominant racial group, and it is often written off as “just the way things are” (Fitzgerald 11). Education as a societal institution is inherently raced, and most schools are racialized spaces, where cultural biases influence perceptions of spaces as belonging to whites or belonging to everyone else (Fitzgerald 223). Institutional racism is interlocking, historical, and cyclical. Institutional racism is interlocking because it overlaps with other types of oppression such as class oppression, is historical because it is rooted in historical practices and actions, and is cyclical because institutional racism is recurrent.

The graphs Kathleen Fitzgerald references that educational attainment is related to race. The graph of Lifetime Educational Attainment by Race from 2010 shows that non-Hispanic whites are more likely than any other group (Blacks, Asian Americans, and Hispanics) to have a high school diploma (only about 7 percent do not), while Hispanics are the most likely to not have graduated high school (31 percent) (Fitzgerald 217). Asian Americans are more likely than any other racial or ethnic group to have earned an associate, bachelors, or graduate degree (Fitzgerald 217). Dropout rates for most racial and ethnic minorities are also incredibly high compared to white and Asian-American dropout rates. Although the dropout rate overall has decreased to about 7.4% compared to 15% in 1972, dropout rates are still much higher for minority youth. For example, 15.1% of Hispanics and 12.4% of Native Americans are high school dropouts (Fitzgerald 218).

The history of education for people of color is one that is filled with years of segregation and other blocks to receiving a quality education. Back in the 1800s, white parents who could afford to send their children to school did so without the risk of discrimination. Minority children of color, however, faced a lot of segregation and barriers to education. Slaves were denied education, and it was illegal to teach a slave to read or write. Even after the war was over and the slaves were emancipated, educational success achieved post-Civil War was short lived: after Reconstruction ended, state governments in the South began to retake control of schools, and these governments were led by Southern Democrats who believed the education of blacks was dangerous (Fitzgerald 230). Since these black children were of a lower economic class and also lived in poorer segregated neighborhoods, black schools in these segregated neighborhoods also received significantly less funding. Black children were prevented from attending schools with white children up until Brown v. Board of Education in 1954 (Fitzgerald 230). Class and socioeconomic status are factors that determine where one lives and what level of educational attainment a person achieves. Class and socioeconomic status have definitely played a role in the education of children of color. This is why education is institutionally racist – because race and class have simultaneously played a role in the segregation of schools.

In the late 1880s, the children of Chinese-American immigrants had a separate “Oriental school” created because they were not allowed to attend schools with white children (Fitzgerald 234). Schools for Mexican-American children also were defunded and received substantially fewer resources than schools for white children. The segregated schools of Mexican-American children were also specifically designed to train them for subordinate roles in society, so that these children would end up with cheap labor jobs (Fitzgerald 235). Native American children were also segregated, but beyond that, the education of Native American children was created in such a way to deliberately erase the cultures of Native American tribes and promote white European culture (Chen et al 2-3). These factors are all other reasons for why education is institutionally racist – because education has deep historic ties in regards to the segregation of minority students from white schools.

Despite the fact that schools today are legally desegregated, some amount of school segregation is still around. A study done at the Brookings Institution showed that two-thirds of minority students still attend schools that are predominantly comprised of minority students. Most of these schools receive substantially less funding and fewer resources compared to those schools in predominantly white suburban neighborhoods (Darling-Hammond n.p.). The inner-city schools that are predominantly minority students also tend to be much larger population wise, have larger class sizes, teach less difficult curricula, and have less qualified teachers, and studies have shown that these four factors can greatly hinder the success rates of students. According to Linda Darling-Hammond, a researcher at Brookings, “Inequitable systems of school finance inflict disproportionate harm on minority and economically disadvantaged students” (Darling-Hammond n.p.). A study done at UCLA shows that all of these factors together (less funding, fewer resources, less difficult classes, etc) “…tend to produce lower educational achievement and attainment— which in turn limits lifetime opportunities—for students who attend high poverty, high minority school settings” (Orfield et al. 38-39). This is the reason why institutional racism is cyclical and why education as an institution is an example of institutional racism. The historical limitations of students of color in the past have in turn affected students of color today, creating a cycle of fewer educational opportunities and further oppression.

Okay…This was a long one. I’ll end this one here and maybe I’ll do an update on this one later. Thanks for reading!

Love,

Tasha

/////////

Works Cited:

Chen, Kitty, James Kigamwa, Erin Macey, Juhanna N. Rogers, Marsha Simon, Seena Skelton, and Kathleen King Thorius. “The State of American Indian Education: Equity Considerations.” Great Lakes Equity Center (2013): 1-10. Nov. 2013. Web.

Darling-Hammond, Linda. “Unequal Opportunity: Race and Education.” The Brookings Institution. N.p., 01 Mar. 1998. Web.

Fitzgerald, Kathleen J. Recognizing Race and Ethnicity: Power, Privilege, and Inequality. Boulder: Westview, 2014. Print.

McIntosh, Peggy. White Privilege and Male Privilege: A Personal Account of Coming to See Correspondences through Work in Women’s Studies. Wellesley, MA: Wellesley College, Center for Research on Women, 1988.

Orfield, Gary, Erica Frankenberg, Jongyeon Ee, and John Kuscera. “Brown at 60: Great Progress, a Long Retreat, and an Uncertain Future.” (2014): 1-42. The Civil Rights Project. The University of California, Los Angeles, 15 May 2014. Web.

At half ten this morning, I locked the door to Besse 1-16 for the last time, turned in my key, said my last goodbyes, and hopped into a taxi towards Heathrow Airport, as I closed the door on my Oxford adventure.

My study abroad experience has come to an end – and what a whirlwind it has been.

It didn’t hit me until late last night that it was really ending. I spent the whole week fully acknowledging the fact that I was leaving, openly talking about it to friends and tutors but I didn’t get emotional. I was waiting for it to hit me –

And then, it did.

I suddenly realized that with my leaving now, I wouldn’t be returning in six weeks for another term. Furthermore, I wouldn’t be returning in October to go through another year at Oxford.

It was over.

And it hurt.

I spent most of last night in tears as I said goodbye to some of my closest friends. (Shoutout to everyone who put up with me last night as I cried). I’m usually not one to cry and get very emotional – I tend to hide my emotions – but I couldn’t hide them this time. I hugged my friends countless times, not wanting to let go.

I thought I would cry again this morning when I was leaving…but I didn’t. Instead, I left with a smile on my face as I realized that yes, this amazing, life-changing year is over, but I am leaving a better person, with incredible close friends, a wealth of newfound knowledge, and a lifetime of memories that I will cherish for the rest of my life.

I’m not sure what else I can say that hasn’t already been said – so the rest of this post will be a series of photographs of some of my favorite experiences from this past year.

And with that…thank you, and goodbye.

(PS: Look out for a blog post on my summer plans coming shortly).

Uhhh…It’s been a while.

Sorry. Flay me for it.

I know I’m behind on a lot – my trips to Austria, Slovenia, and the Czech Republic, plus my first few weeks of term (This week marks the halfway point of Trinity…can you see how behind I am?), but I wanted to write this quickly.
Today marks one year to the day since I left Case Western.
One year.

I had always planned on studying abroad – but I never initially planned on doing a full year. I was actually vehemently against it at first. I didn’t like Case Western my first year (for reasons that are not worth getting into) to the point where I was strongly considering transferring schools. Starting in my second year, however, things were looking a lot better. I made better friends and got closer to my sorority sisters, I was enjoying the clubs I had joined, and my classes were great. I didn’t want to risk losing that by going away for a full year. Eventually, I was swayed (thanks to my parents and my brother) and I took the plunge and applied to study abroad for a year.
And that’s how I got to where I am today.

I’ve been thinking a lot about what my life is going to be like when I do eventually return to the U.S., even more so now that my year abroad is almost over and my return to the US is fairly imminent. What will it be like to be back at Case Western? How will I feel? Will it be easy going back to a university system that I am, at this point, very unaccustomed to? Will I be able to reintegrate myself into the community? Will I be able to rebuild friendships and get back in touch with people that I haven’t talked to in a full year? How much will I miss Oxford? Will I be able to preserve the friendships I made during my year abroad?

It’s a lot to think about, and it’s honestly slightly terrifying not knowing the answers to these questions now. I can only hope that my return to the US and Case Western is smooth, and that I can enjoy my senior year to the fullest extent.

For now, though, I still have another month left at Oxford. Plus, I’m now spending the summer in Europe. And I intend to make the most of my time left.

Much love,
Tasha

A/N: Typing this from a hotel in Vienna with absolutely atrocious Wifi, and it’s going much slower than usual. Apologies in advance for any typos and/or grammatical errors!

A few weeks ago, a friend of mine visited Auschwitz. I asked him how it was, and he described it with a short phrase: “It was weird.”
Confused at his choice of words in the moment but not wanting to push the issue, I let it go, and our conversation continued onto other matters.

After visiting the Dachau Concentration Camp just outside Munich, Germany, I can fully understand what he meant.

Walking through Dachau felt…weird.

Let me explain.

For people who do not know the history of Dachau, it was the first Nazi concentration camp, constructed in 1933 as a camp for political prisoners. Over the next twelve years, the camp’s prisoners extended to Jews, criminals, gypsies, homosexuals, Jehovah’s witnesses, and prisoners of war. Dachau also was the last to be liberated, on April 29, 1945.

Being a history major, I have read extensively on the history of World War II, Nazi Germany, and concentration camps. During my sophomore year at Case, I wrote a historiographic essay (A/N: not a spelling error, this is actually a thing) on the use of medical torture in concentration camps (Easily one of the most interesting yet stomach-turning papers I’ve ever had to do research for).

Reading words, however, can only do so much. History demands to be felt.

Walking into Dachau, it’s mostly barren and quite stark, as a majority of the buildings have been torn down, with the few buildings remaining primarily being exact replicas. There were seven imposing watchtowers on the outskirts of the camp (all replicas – the originals were torn down by the Americans upon liberation). A giant ditch, barbed wire, and a 10,000 volt electrified fence dashed any hopes of escape for the 188,000 inmates that ended up in Dachau. The barrack we walked through was a good ten degrees colder than it was outside, and the rooms were claustrophobically small. We walked through Baracke X – the gas chamber, or “shower room,” as it was meant to be called – but it was never used, and to this day, historians are not sure why.

Dachau was a site of terror and brutality. Prisoners lived in constant fear of being flogged, tortured through tree and/or pole hanging, or being shoved into standing cells for days. Diseases spread like wildfire throughout the camps, especially typhus. There was barely any food or medicine, especially towards the end of the war.

I knew all of this before I visited the camp, but walking through the camp was a completely different experience from what I was expecting. In the moment, it was kind of hard to be standing in these rooms, knowing that I felt completely safe here today, while a little over seventy years ago, these rooms were filled with horror, torture, and death for hundreds of thousands of people.

A lot of people ask me why I study history, often joking that I’m “studying unemployment.” I typically laugh it off, and most of the time I respond by saying that I wanted to study something that I thoroughly enjoyed, but my real reason is so much more complex than that. My real reason can be summarized by a simple quote: one of my favorites, by George Santayana:

“Those who cannot remember the past are condemned to repeat it.”

(Interestingly enough, this quote is inscribed on a plaque in Auschwitz. I should ask my friend if he saw it. Or, if he reads this, which he hopefully will, he can just tell me for himself).

This quote – and the idea of remembering the past – obviously does not apply just to historians or historians-in-training like myself. It is the job of my generation as a whole to learn from the past, to learn from the mistakes that the generations before us made, and ensure that we do not repeat any prior evils.

And that, in a nutshell, is why I study history.

With love,
Tasha

PS: Look out for a blog post on my trip to Austria later this week!