In 2009, Vanguard posed a question to Tom Ridge, the first secretary of Homeland Security and at the time a member of the National Security Preparedness Group, a bipartisan team assessing progress of the 9/11 Commission’s recommendations: “Given the amount of critical infrastructure…that crosses the border, do we need a bi-national strategy? A bi-national command? Something akin, perhaps, to NORAD?”
It’s a question the magazine has asked on numerous occasions since, including to Michael Hayden, former director of both the CIA and NSA. As Cheri McGuire of Symantec notes elsewhere in this isue, the number and sophistication of threats continues to increase.
Yet, while the idea has always met with approval, a bi-national solution does not appear to have gained much traction.
Speaking to the Conference of Defence Associations Institute in February, Admiral William Gortney, commander of NORAD and U.S. Northern Command, acknowledged that the frequency and visibility of attacks are increasing. He said both countries “are conflicted with how we should handle this threat. In NORAD we often debate NORAD’s role within cyber. I tell the staff, our individual nations must first decide how to deal with the cyber threats and once that occurs, then the two nations can work together and can determine a common way ahead, and from that will determine NOARD’s role. It is my hope that it does not take a cyber 9/11 or Pearl Harbor to force us to finally find the solution.”
Admiral Michael Rogers (pictured), commander of U.S. Cyber Command and director of the NSA, told the same audience that “each nation needs to come to its own conclusion first before we start creating something.”
NORAD works, he noted, because each nation has “a high comfort level with the legal framework, authorities and the operational concepts.” To develop something similar in the cyber environment would require both nations to agree on “foundational” principles internally “before we try to put all this together.”
Back in 2009, Ridge said that given the importance of the interconnectedness of infrastructure to the flow of goods, people and energy, “as you go about protecting that, a bi-national group, including the private sector, focused on cyber security as it relates to common assets and common needs seems to me to be a very sound, responsible approach to take.”
Four years later, Hayden argued the need has only increased. “Our cyber space is more integrated than our air space. Therefore, it is absolutely clear to me that this requires close coordination between our two countries. That also means broad agreement on what constitutes a threat, what constitutes an appropriate response, what constitutes suitable privacy, and so on. We have two democracies that have figured out how to do that when you are controlling air space; now we are challenged with how do we do that in this entirely new domain.”