Cyber Lunarium Commission FAQs
In response to our first post last week, the Cyber Lunarium Commission received a number of questions.
FAQ about The Cyber Lunarium Commission
The Cyber Lunarium Commission was established to propose novel approaches to United States cyber strategy grounded in technical and operational realities.
The commissioners of the Cyber Lunarium Commission “moonlight” in cyber policy, drawing upon their experiences in government, military, industry, and academia.
3. How can the Cyber Lunarium Commission be reached?
The Cyber Lunarium Commission can be reached at email@example.com and followed on Twitter at @CyberLunarium.
4. Is the Cyber Lunarium Commission affiliated with Dave Aitel or any other organization?
No, but we thank him for publishing our work on his platform. Publishing pseudonymously and without affiliation, we seek to present novel approaches to US cyber strategy that will stand on their own merits.
FAQ about Cyber Letters of Marque
1. What is a Cyber Letter of Marque?
A Cyber Letter of Marque (CLoM) is a type of letter of marque that Congress, under its existing Constitutional authorities, would issue to private corporations. This letter would allow CLoM-holding corporations to conduct limited cyber operations at the direction of the US government against specific organizations that have violated US law or threatened US national security. This activity would otherwise be illegal under the Computer Fraud and Abuse Act (CFAA).
2. How would CLoMs ideally be issued?
CLoMs would be issued with Congressional authority (Article 1 Section 8 of the Constitution) to a specific party for action(s) against a specific set of targets or for otherwise supporting ongoing US National Security operations, which would be detailed in the letter.
3. How would CLoM holders get payment? Are you suggesting that hackers should extort from their victims?
No, the Cyber Lunarium Commission recommends that payment in most cases be provided by the US government for specific access-as-a-service or other cyber operations initially requested by US government parties. The United States has distinguished between operations in cyberspace for commercial gain and operations for national security since the 2015 US-China cyber agreement, and does not condone cyber operations for commercial gain as China pursues them.
While some may claim that this type of payment - paying contracted organizations for cyber operations - is no longer “privateering,” privateers had similar equivalents in 1813, when Congress offered a substitute for ransom: the U.S. government would pay half of a captured British vessel’s value to any privateer who would “burn, sink or destroy” it.
4. Why can’t the USG alter hiring practices within the government instead of using CLoMs?
There is nothing technically stopping improvements from being made to USG pay scales, culture, clearance issues or bureaucratic limitations; however, these issues have been known about for quite some time and seemingly no improvements can be made. CLoMs would allow the US government to sidestep these issues quickly and effectively. For more information on this topic, see https://twitter.com/David_Kasten/status/1266481567876202498.
5. What organizations would be potential targets of CLoMs? Can a CLoM holder target anyone?
No, a CLoM holder could only target organizations authorized by Congress (or an Executive Branch agency delegated authority by Congress). Potential targets, as discussed in future posts, include ISIL and other terrorist organizations, rogue states such as North Korea, and foreign organizations against which there is strong evidence of ongoing interference.
6. Does a CLoM holder have free rein over all operations and targeting? What would a cyber privateer be able to do/not be able to do?
The Cyber Lunarium Commission recommends that Congress provide constant oversight over CLoM-holding businesses - in fact, because many of these operators could operate in unclassified environments, Congress would likely have more power of oversight over CLoM-holding businesses than over their government counterparts. This oversight could entail: having power over the list of US government-sanctioned targets, ensuring an approval process of operation proposals, or allowing certain types of operations while banning others.
Have any more questions for the Cyber Lunarium Commission? Contact us on Twitter @CyberLunarium or at firstname.lastname@example.org.