As cyberspace becomes a new domain of national security, government agencies confront challenges to balance rights of private citizens with the wellbeing of the state, an expert said at an event Monday. 

Cyberspace is a unique domain in that it is a single integrated space that people from all nations and walks of life share and use for both private and public activities, making it hard to regulate, said Deb Crawford, research technical lead at a joint National Security Agency (NSA)/North Carolina State University (NCSU) applied research laboratory. 

“These activities are all co-mingled [in cyberspace],” Crawford said. “The networks that the military uses to control their logistics supply chains are the same networks that adversaries or hackers use to intrude our systems of interest, and also the same networks that we are using to send emails, texts and pictures.”

The talk was the Duke Cyber Club's first public event. The group was launched this year in order to raise campus-wide awareness about cyber-related national policies and social changes. 

Junior Justin Sherman, president of the club, said he co-founded the club with junior Rebecca Diluzio because they recognized a lack of curricular and extracurricular opportunities on campus for students to learn about cyber-related national policies and regulations in the technological field.

“The goal [of the club] is to bridge computer science and areas such as public policy and politics,” he said.  

As Crawford explained in her talk, making and executing policies related to cyberspace, requires coordination between a large number of government agencies, such as the Department of Defense, the Department of Justice and the NSA. All departments operate under the national security strategy raised by the president, and a separation of responsibilities is critical to a smooth cooperation. 

“The big questions are who is responsible for what piece and even more importantly, why are they responsible for that,” she said. 

Crawford noted that sometimes attribution of responsibilities can be difficult because an issue may fall under the realms of multiple agencies. Thus, it is important to classify the issue into the most relevant category and then hand it over to another branch when more information is available. 

“We always treat [the issue] the way it’s classified so that we can at least get a start on how we are going to give a response,” she said. 

The openness of cyberspace also lowers the cost of cyber “attacks"—network intrusions aiming to access confidential information, Crawford added. 

“It doesn’t matter who you are, whether you have physical resources or a lot of money—as long as you have access to the Internet, you could [attack another cyber network],” she said. “You only need to be clever.”

Crawford accedes that because the U.S. government does not own many private commercial cyber infrastructures, implementing cyber policies regarding private companies is often challenging, especially when it is hard to define whether an issue is related to national security.

The Department of Homeland Security, for example, will coordinate with private firms to work side by side, maintaining a active communication to make sure both sides understand each other so that they can work out a plan to protect the privacy of American citizens, she added. But such coordination cannot be compulsory. 

Respecting the rights of private firms and citizens creates obstacles for executing policies but is also key to the U.S. democracy, which is—according to Crawford—a “good pain.”

“It is important for me to know I am protecting democracy, the Constitution, the invaluable rights given to the U.S. population,” she said. “It makes things more difficult, but it’s part who we are.”