Security & Risk Management Case
Security & Risk Management Case
You are the Special Assistant to the President and Senior Director for Cybersecurity on the National Security Staff.
Responding to North Korea
It is 11:30 on the morning of September 13, 2017 and you’ve been working at the office non-stop lately. Suddenly the secure phone rings and an operator says: “Please hold for the Commander of U.S. Cyber Command.” A moment later you are talking with Admiral Michael Rogers, who is dual-hatted as the director of the National Security Agency.
“Hey there,” Rogers says, “We need you in the Situation Room in 15.” You pack up your things and head to the stairs just inside the East Executive to the meeting.
By the time you get to the small “bin Laden” room in the Situation Room complex – known for the iconic photograph – it is already full. You scan the room, knowing the most important question at any Sit Room meeting is who is invited. The President and Vice President are there, along with H.R. McMaster, the President’s tough-talking National Security Advisor, the FBI Director, and the Secretary of Treasury chatting in the corner. Director of National Intelligence (DNI) Dan Coats enters the room moments later and the meeting gets underway. McMaster starts the meeting, surprisingly channeling prior comments from one of President Obama’s addresses on the challenges of cyber.
“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. President Obama nailed the fundamentals but we need to take this to the next level. This is arguably a violation of American sovereignty. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe. As I understand it, Pyongyang is actively going after Raytheon and who knows what else. We need to figure out a way to deal with this, and soon.”
FBI Director Wray was the first to speak. He said, “this hack is just the latest attack. This isn’t new to those of us that have been in the game for a while, but we may need stronger responses. We have to impose real costs on people who think they’re alone.think they’re far enough away that it’s a freebie. And the first way we need to do that is, as often as possible, lay hands on people and lock them up.”
McMaster nodded his head in agreement. “We do need to lock them up, or at least lock them down. While it might be hard to track down individuals, we have to do something in light of their cyber operations impacting the public and private sector. This is on the heels of a nuclear testing activity we tried to keep on the backburner. We cannot let this one go unanswered, we need to be strong in our response.”
You thought to yourself that there was no change in behavior after the U.S. indicted five PLA officers not long ago and condemned North Korea’s attack on Sony North America. Admiral Rogers picks up the thread, “Raytheon is important to me because the entire world is watching how we as a nation are going to respond do this. If we didn’t name names here, it will only encourage others to decide, ‘Well this must not be a red line for the United States.’”
Homeland Security Secretary Duke emphasized that Raytheon matters. “We included the defense industrial base sector on the critical infrastructure list,” as she waived Presidential Policy Directive 21.
Secretary of Defense reminds everyone that this is the latest provocation. “Since he took control of the country in 2012, Kim Jong-un has ordered 80 missile tests. In July, the North conducted two ICBM tests. Two weeks ago they conducted another nuclear test.”
Over the past two years, President Trump has talked about everything from negotiation to pre-emptive strikes. During the campaign he said he was willing to sit down with Kim Jong-un, over a hamburger. Since becoming President, he has repeated a similar offer from time to time, while urging the Chinese to crack down on the North and take the lead on the problem. But as Kim Jung Un has continued his nuclear advance, Trump has escalated his rhetoric. He declared that “the era of strategic patience.had failed.”
Then, after the I.C.B.M. tests, he talked about the “fire and fury” that would be unleashed if the United States felt threatened.
McMaster reminded the room that the Korean border is heavily fortified and we cannot risk escalation with a nuclear North Korea. North Korea has broken nuclear agreements and even got away with sinking the South Korean warship Cheonan killing 46 Sailors in 2010, but we have to find a way to prevent future cyber attacks. Rogers responded, “Merely because something happens to us in the cyber arena, it does not mean that our response has to be focused in the cyber arena.” Secretary of Defense James Mattis was warning that any war on the peninsula would be “catastrophic.”
Treasury Secretary Mnuchin adds “good point Jim, but we have a commitment to hold North Korea accountable for its destructive and destabilizing conduct. We can employ a broad set of tools to defend U.S. businesses and citizens, and to respond to attempts to undermine our values or threaten the national security of the United States.”
DNI Coats followed Mnuchin’s comments, touching on the fact this threat had been on their radar the past several years. “I worked on the briefings for the Senate Select Committee on this exact issue. Pyongyang is certainly pushing the envelope. Cyber attacks are at the top of all the lists that cross my desk, and if we don’t figure out a way to deal with a serious attack like the Sony incident, how do we deal with something worse? The Iranians, Russians, and Chinese all look at other critical infrastructure including power generation, dams, and even places like Wall Street. We need to be decisive here and now as they’re going to keep doing it unless we push back and make it clear North Korea’s provocations and actions are unacceptable.”
President Trump concluded the meeting. “This a tremendous problem and we need the right people to come up with the best ideas. The biggest ideas, something new. But something that works. I told the public we are issuing a report within 90 days on the state of our cybersecurity and newsflash people, it isn’t good. The hacking is bad. Very bad. The North Koreans are doing this to embarrass me and embarrass our great country. I won’t stand for it and the people won’t stand for it. What we do now is going to have a huge effect on what happens next and we need the best ideas. I want options on what we can do and I want them fast.”
Subject: Cyberspace
-This is a MEMO writing
STRUCTURE:
McMaster turns to you and says we need to give the President some real options. -Provide a three-page strategic options memo and prepare one-half page of talking points.
-memo should include standard memo headers (To, From, Re:).
-Don’t be afraid to use bullet points or incomplete sentences and to format the memo in a way that takes maximum advantage of your page and word limits.
*Content/Structure: Strategic Options Memos should include the following sections:
1)Issue: What is the policy question to be answered? A one-sentence summary of the issue facing the policymaker.
2)Relevant National Interests: Why do we care? What specific national interests of the U.S. are engaged by the issue? How much do we care? What do we care about more than other things we care about? From the perspective of American national interests, what matters more than other things that matter? Vital interests are “conditions that are strictly necessary to safeguard and enhance Americans’ survival and wellbeing in a free and secure nation.”
• See “Commission on America’s National Interests”. Using that framework, identify national interests impacted by specific challenges in the case.
3)Analysis: What is the shape of the challenge? Analysis of the dynamics of the challenge with special attention to drivers and trend lines. Not a history lesson. Instead, key facts, causal factors driving trends that the busy decision maker may not recall vividly but that are essential in examining potential interventions to advance U.S. interests.
4)Operational Objectives [optional]: Given interests, threats, opportunities, and the capabilities that can mobilized, in many cases, it is useful to summarize one or two operational, achievable objectives to advance national interests identified above in addressing challenge. What should we try to achieve now by intervening in current dynamics? Avoid vague or tangential goals.
5)Strategic Options: What are the major strategic alternative courses of action? What are the pros and cons of each? Identify at least 3 distinct strategies that could be implemented to achieve the operational objectives and advance the national interests identified earlier in the memo. Each option should have a brief label that captures its essence. Assess pros and cons of each. Each option should be realistic, feasible, and presented in its strongest form. Do not write the decision maker a “sandwich memo” in which two unreasonable options are presented, making the third option (that you recommend) the only feasible choice.
6)Recommendation: A concise (generally one-sentence) summary of the option you recommend and why you recommend it.
7)Implementation: Brief summary of initial steps policymaker would take to implement the option recommended, for example, consultations with allies, engagement of Congress, etc. Where feasible, include indicators of effectiveness or early clues about whether the strategy is succeeding, or needs to be adapted or changed.
8)Talking Points:
Talking Points: provide three to five bullets the national security advisor can use when discussing the recommended option with the media.
As you write each of the above sections of your memo, you should keep the following in mind:
-Incentive: Let the decision maker know why he or she should address this issue now. Why is it an important issue? Why can’t it wait?
-Brevity: Be brief. Don’t tell the decision maker what he or she already knows. Put yourself in the decision maker’s place: what facts and analytic insights are essential for making a sound decision? Avoid overly elaborate analysis and the temptation to show off technical skills.
-Bias: You often cannot avoid having a personal point of view. But you can avoid slanting the assumptions or options.
-Leaks: Memos often receive wider distribution than their authors intend. While frankness is important, consider how your memo would look on the front pages of national and/or local newspapers.
-Big Picture: How does the issue relate to other issues under consideration? Will the consequences of alternative courses of action be importantly affected by developments on other fronts? Keep in mind the “Big Picture” to avoid getting bogged down in irrelevant or trivial details. Place the immediate issue in a longer-term time frame.
-The Boss and the Assignment: Pay close attention throughout to the decision maker’s agenda, expectations and concerns. Answer the question asked. Make certain that you understand your assignment; seek clarifications when necessary.
-Tough Issues: One of the key purposes of memo writing is to illuminate and clarify the toughest issues and address them head on. Sidestepping or blurring these issues will lead to unpleasant surprises for the decision maker-and in turn for the memo writer.
-Uncertainties: Give your best estimate of probabilities. Use numbers, metaphors, or whatever best communicates your judgment about likelihoods. Instead of saying that an outcome will “probably” occur, give your best guess-do you mean “better than even,” “two out of three chance,” or “95%?” It may feel uncomfortable to attach precise estimates, but it is worse to bury your best judgment in ambiguities. It is important to be clear that these are your own best estimates based on available information.
-Leave the politics out, for the most part. As a policy advisor or expert, you will be asked for your best insights into what will work in the interests of the United States or your country. Rarely will your boss seek your political advice. Unless asked, don’t offer. Conversations about how to manage this politically (what are the tactics of Congressional relations, etc.) will be handled later and, often, by a different set of people. Of course, your analysis should not be politically naïve.
All of the options should make clear what you propose we do diplomatically, economically, or militarily -including cyber and other means. Don’t forget the pros and cons for each option.
* Your first option should focus on our response to the attack–cyber, kinetically, or other.
* Your second option should focus on a way forward with the North Koreans – how do you get to some kind of “Grand Bargain” that prevents future attacks?
* Your third option should be distinct from options one and two and like the others include pros and cons and a final recommendation. Be creative but realistic in your assessment.
-Attach an appendix (no longer than a half page) identifying questions of fact or analysis that you believe would be answerable by a senior intelligence or NSC official, but to which you do not know the answer. List the questions and provide some indication as to how the questions would likely be answered, and by whom. You should also be including talking points.
