Commentary: Protecting Europe from China will strengthen the future of NATO

This op-ed originally appeared in EURACTIVE online on June 19, 2019

By: Douglas Lute

NATO, the world’s oldest and most successful alliance, recently turned 70 years old. As a report from Harvard’s Belfer Center explains, the Alliance faces a daunting array of challenges, including some that are familiar like defence spending and Russian aggression.

Other challenges are only now emerging and will become increasingly important in coming years. Especially pressing is the growing strategic competition between the Western alliance and China, which will likely dominate the world scene for the next several decades.

Today the competition with China is mostly economic, not military, but NATO members need to pay attention. Chinese economic investments today can lead to political influence tomorrow, and also have security implications. China’s annual foreign direct investment in Europe grew to $420 billion in 2017, a fifty-fold increase over a decade.

As part of the Belt and Road Initiative, China focuses investments on transportation and communications infrastructure, vital connections to Europe’s huge market with 500 million consumers and one-fourth of global GDP.

With these huge investments, China will gain political influence within European Union governments, as we have already seen in several cases. As political divisions widen within both NATO and the EU, cohesion erodes and these key institutions will struggle to attain consensus on how to address this challenge.

The competition with China includes emerging digital technologies that have significant security implications. Artificial intelligence, quantum computing, robotics and biotechnology may revolutionise warfare, perhaps on the scale of the changes brought on with the development of nuclear weapons in the early years of NATO.

Most attention today centres on the competition for 5G communications networks. While Chinese-made 5G infrastructure tends to be less expensive, it introduces new vulnerabilities because of the potential for the Chinese government to gain access to the networks and the data that travels across them.

Neither economic nor security concerns are likely to completely dominate in the European market as individual Member States weigh costs, benefits and risks. As it stands, the European 5G market is poised to contain a significant amount of Chinese infrastructure.

Economic factors can be balanced with security concerns. European governments can leverage contractual, regulatory and technological tools to mitigate security risks. For example, mandating interoperability between 5G technological components would ensure that one manufacturer, such as China’s Huawei, does not dominate the market.

Without careful coordination among allies to agree on reasonable security measures,  5G competition threatens to divide NATO and the EU politically, lead to barriers to integration, and reduce the overall benefit of 5G to European consumers.

While 5G is the current hot topic, it is just the beginning of competition with China in emerging technologies. In the coming decades, even more sophisticated data-based technologies will mean that both America and the European Union face a long term, geo-strategic competition with China.

Some of these technologies will have even more direct implications for national and Alliance security than 5G, changing fundamentally how NATO deters and, if necessary, fights wars.

Now is the time for NATO — and its most important partner, the EU – to wake up to the challenge from China, while it is still primarily economic and not yet military. Together, the US and NATO allies comprise about 50% of global GDP.

The trans-Atlantic alliance is a strategic advantage for both America and Europe that China cannot match – if we act together. As the competition with China is mainly economic and political, it should be a priority topic for US-EU and NATO-EU consultations.

For example, the US should welcome recent EU initiatives to implement measures to control foreign investment, similar to the Committee on Foreign Investment in the United States (CFIUS). The competition for 5G in Europe is only the opening round in the strategic competition with China.

America and Europe, joined together in NATO, are stronger together.

Commentary: 5G risk is about more than simply securing competitive advantage

This op-ed originally appeared in The Hill on May 17, 2019.

By: Nate Snyder

The dawning of 5G capabilities will revolutionize our telecommunications and online networks. Data transport speeds will increase to 10 times faster than what they are with 4G. As countries across the globe discover and develop new 5G innovations, so too will terrorist organizations, private actors, and lone offenders. If there is a new technology breakthrough with the public at large, it will no doubt be leveraged by bad actors who will develop and discover their own insidious innovations and exploitations.

While working on counterterrorism efforts at the Department of Homeland Security during the Obama administration, I became familiar with how private actors and terrorist organizations exploit any vulnerabilities they can, especially when it comes to online networks and using the internet. These bad actors exploit network vulnerabilities to target and disrupt critical infrastructure, and access and exploit information and people.

It is no secret that the Chinese government has built in capabilities to control the online access of its own citizens. It is also widely known that Huawei is essentially state controlled and influenced. Reports note the company is 99 percent answerable to the Chinese government. Various backdoors, control measures, and surveillance applications have been built directly into the “Great Firewall” of Chinese online infrastructure.

Many of these surreptitious access points and controls are coded into core software and engineered into hardware. While at the Department of Homeland Security, I met with a senior Chinese counterterrorism delegation. I asked them how they address online radicalization to violence. Without hesitation, they replied, “We turn the internet off.” If the Chinese government uses these vulnerabilities to its advantage, you can guarantee that terrorist organizations will also seek to exploit them.

That explains why Prime Minister Theresa May announcing that the United Kingdom will allow Huawei to build noncore 5G functions is a significant problem. Not only is it a British security risk, but it also affects American and allied security. Allowing Huawei onto our collective 5G networks would be like inviting inside a Trojan horse that can be exploited by the Chinese government and other bad actors. The British government has cited compromising vulnerabilities in the Huawei supply chain. Several years ago Vodafone discovered security flaws in Huawei software that, while not fatal, continue to compromise the reputation of the company.

Because of these software and hardware vulnerabilities, likely created with purpose, Huawei and the Chinese 5G supply chain cannot be trusted. The supply chain security is beyond suspicious, and some American allies have already banned the use of Huawei 5G technology. Since the Huawei and Chinese 5G supply chain has more holes than Swiss cheese, it is fair to expect not if but when bad actors will exploit these vulnerabilities.

Some of the greatest deterrents we have against terrorists using online networks and the internet are awareness and intelligence. With Huawei potentially holding a monopoly on the flow and curation of 5G information across the globe, who knows if it will allow adequate access to investigate terrorist threats, emerging trends, threat vectors, and critical data. Huawei will essentially become an all knowing information provider and could handicap the United States and allied intelligence communities. Imagine the embarrassment of relying on Huawei for intelligence to investigate domestic terrorist threats in our own backyard, let alone the potential international ramifications. Even if access is given, the information could be suspicious. Needless to say, bad actors will exploit these blind spots.

The United States should lead the fight for shared principles and ensure competition and interoperability among technology vendors. The Trump administration should focus on building a coalition of our closest allies instead of ridiculing them. This key coalition should push for mandating interoperability among technology providers, ensuring that one company does not become the sole provider for unimagined future technologies like 6G, and tackling risks through diversification and threat dispersion.

The coalition should also demand that Huawei provide the interoperable technology to strengthen noncore technology. Without diversity of secure technology in the 5G ecosystem, the United States leaves itself open to exploitation. Should these demands not be met, the coalition will need to develop new information sharing agreements to mitigate the simple fact that Huawei cannot be a trusted reliable information provider. The United States, along with our closest allies, should lead in the race to develop forward looking and competitive 5G infrastructure technology and policy, or risk falling prey to bad actors. If we are able to get our act together, we still have the opportunity to positively impact 5G development, but we must act now before it is too late. Our national security depends on it.

Nate Snyder is a senior advisor with Cambridge Global Advisors. He was a senior counterterrorism official with the Department of Homeland Security and the Countering Violent Extremism Task Force under President Obama.

Commentary: 5G Is The Essential National Security Imperative Of Our Time

By: Christopher Burnham

The hype around 5G is real—it will change how we communicate, travel, fight wars, drive (or not drive) cars, and educate our children. It will also change how doctors operate and treat and heal the sick. It is the most important modernization of our infrastructure that we can do until quantum computing is perfected. It is also the single most important national security imperative for the US for the next ten years.

In the race to 5G, it’s clear that the Chinese have an advantage because their government can tell companies “give back the spectrum we licensed to you”, and then reallocate it to where it can be the most effective in winning the 5G race. Spectrum in the US (think radio waves), has been given away or sold for pennies by the Federal Communications Commission (FCC) for decades. President Lyndon Johnson made $20 million getting the FCC to sell him radio and T.V. spectrum for two Texas stations for pennies back in the 1940s. That certainly has ended in recent years—just in the last four years the FCC has auctioned off two spectrum ranges for more than $50 billion.

Over the past forty years, spectrum for mobile phones, satellite communications and T.V., GPS services, and hundreds of other applications has been awarded by the FCC to jump-start the communications revolution we now take for granted. To fully implement 5G across all communities in the U.S., the FCC must now figure out how to allocate spectrum from the very lowest frequency to incredibly high millimeter wave frequency. The backbone will be (for lack of a better way to describe it) in the middle frequency—or the part that was given away for free to government satellite companies back in the 1960s, that then became the struggling satellite companies of today. This is known as “C-band spectrum”, and you will see the numbers 3.7 to 4.2 gigahertz associated with that band. C-band is what enables you to watch the championship basketball game on cable TV as it is the backhaul for ESPN and other networks.

However, C-band is not the only spectrum needed to fully implement 5G. Lower and higher frequencies are also needed. The trouble is, it’s a trade-off. Low frequency is great at going very long distances and can penetrate buildings, forests, even mountains and oceans if ultra-low frequency. That is how our submarines communicate back to the U.S. from deep within the ocean. The trouble is, low frequency also means low bandwidth. High frequency has enormous bandwidth. But it can only go very short distances, and rain, snow, trees, let alone buildings, can disrupt or block it. That is why at that end of the proposed 5G spectrum, you will need an antenna every couple 100 yards or so versus current cell phone towers today, which are miles apart.

What the FCC must now do is figure out how to get back all this spectrum and auction it to those cellular companies building the 5G backbone. Other countries have recently held highly successful auctions for this spectrum range. Some of the mid-band spectrum is also controlled by the U.S. military—and is essential for radar. Unused portions of this will need to be reallocated to the FCC for auctioning to 5G companies.

This piece originally appeared in Forbes on April 12, 2019.

Commentary: A Centralized, National 5G Network Would Pose More Harm Than Good

By: Frank Taylor

This op-ed originally appeared in Homeland Security Today, March 20, 2019.

5G wireless technology is poised to become a critical piece of infrastructure at home and abroad, and the efforts well underway by U.S. wireless carriers to develop and deploy 5G are not only a matter of economic security, but also of national security. Not only will 5G mean lightning-fast data speeds upward of 20Gbps that will usher in a host of innovations, but the fifth generation of connectivity will allow for more secure and better connections among Internet of Things, enterprise networking and critical communications. 5G will only grow in importance as federal agencies, like the Department of Homeland Security (DHS) or the State Department, continue efforts to modernize current systems and processes.

However, there has been some recent advocacy for the development of a single, government-owned and managed 5G network. This idea has grown based on fears that China is both leading in the race to 5G and that Chinese network equipment poses a security threat. To be clear, American leadership and security are paramount for the best development of the 5G network, but a nationalized commodity is the wrong approach to ensure the safety and security of American mobile network users. As FCC Commissioner Brendan Carr recently wrote, this is a race between two very different models, “the central planning and industrial policies of China versus America’s free markets.”

Beyond the anti-American nature of a nationalized 5G network, there are already security risks and implications of the increased connectivity between 5G devices. A government network would create more harm than good for several reasons. 

First, a nationwide government network would take years to deploy, launching long after American wireless carriers roll out their own. The U.S. was first to deploy 4G wireless technology, and is already on the cusp of nationwide deployment of 5G technology, as all national wireless carriers have announced plans to deploy a 5G network, with some beginning as early as this year.

Second, the government is not known for being at the forefront of technological advances, nor for having the tightest cyber and data security. For example, one of the largest government data breaches in the history of this country occurred in 2015 when the Chinese hacked the Office of Personnel Management (OPM) database, exposing the sensitive data of more than 21 million Americans. With such a track record, how can we trust the government to secure a single nationwide 5G network?

Furthermore, a single network creates one centralized target for bad actors, like a giant bull’s-eye. Rather, decentralized networks create redundancy and offer a more secure approach to wireless communications.

American companies have also been steadfast in leading the global standard setting necessary for an interconnected 5G platform. Through umbrella standards groups like the Third Generation Partnership Project (3GPP), U.S. companies have been advocating for open and transparent standards for 5G, much as they did with 4G connectivity in the early 2000s. This commitment to open, transparent and impartial standards is necessary to ensure that the American homeland, individual citizens, companies, and the government do not face undue cybersecurity risks.

By its nature, 5G architecture’s unique specifications add many security layers, which is in addition to the many security features that wireless carriers are adding within their networks. These features are necessary to protect the capabilities that 5G brings with it — whether that be enhanced machine learning or driverless vehicle-to-vehicle technology. American wireless carriers have a longstanding history of protecting networks from cyber risks and vulnerabilities, which the federal government does not.

According to 5G Americas, “The mobile wireless industry’s longstanding emphasis on security has been a strong market differentiator against many other wireless technologies which have network architectures that are inherently more vulnerable. Even mobile’s use of licensed spectrum provides a powerful additional layer of protection against eavesdropping on data, voice and video traffic.”

While a government-owned 5G network has some inherent weaknesses, there is a clear role for the government to play in the rollout of 5G. To ensure that our data is secure, and that Americans are not subject to malicious actors through backdoors of foreign technology, the government can maximize its long-established private-public partnerships (P3s). The government can, and should, aid in information-sharing, standard-setting, and adoption of best practices to ensure that our national security needs are met while simultaneously allowing industry to continue leading through innovation. Through the latest reorganization at DHS, which includes establishing the Cybersecurity and Infrastructure Security Agency (CISA), we can ensure that the telecom companies have the latest in cybersecurity intelligence and best practices so that not only will 5G be lightning fast, but also secure. 

Rather than pursuing a centralized network that will take years to build and create unnecessary vulnerabilities, the federal government should facilitate the ongoing industry efforts to usher in the next generation of secure wireless connectivity. Government should not be in the middle of innovation — instead, government should exist to foster innovation.

Press Release: CGA's Jake Braun Testifies Before U.S. House Homeland Security Committee

Washington, DC (February 13, 2019) - Today, Jake Braun, co-founder of the Voting Village at DEF CON -- the world’s largest and longest running hacker conference -- testified before the U.S. House Homeland Security Committee about the cybersecurity threats facing our nation’s elections infrastructure.  Citing DEF CON’s own groundbreaking research that it has conducted over the last two years in the aftermath of the Russian hacking during the 2016 elections, Braun’s testimony represented one of the first times DEF CON was invited to play a prominent role in informing and educating Washington lawmakers on issues of national security.

The testimony also represented a first foray into Washington for the University of Chicago’s Cyber Policy Initiative (CPI), launched last year at DEF CON 26 and currently led by Braun, who serves as its Executive Director. Housed within the Harris School at the University of Chicago, CPI serves as a forum through which hackers, technologists, academics, and the cyber research community can engage policy makers at all levels of government to strengthen our voting systems and our democracy.

“It’s an honor to be here on the Hill wearing both hats today,” said Braun. “Over the last two years, DEF CON has done cutting-edge research to expose and elevate the vulnerabilities in our voting systems -- and now CPI is playing a critical translator role, taking findings out of the ‘hacker’ world and explaining threats and solutions to lawmakers in policy terms, helping to tackle what’s become one of the biggest national security concerns of our time.”

In addition to highlighting the link between national security and protection of our nation’s election infrastructure, Braun highlighted specific vulnerabilities found by the DEF CON Voting Village demonstration, which represented the first public, third-party security assessment of voting machines.

Braun also added, “The attacks on our election infrastructure are not solely an election administration nuisance but rather a national security threat,” said Braun. “This is about our national security apparatus marshalling its resources to do what our nation expects it to do, which is protect our country from existential threats to the United States.”

The hearing, called by Representative Bennie G. Thompson (D-MS), sought to kick-off debate on H.R. 1, the For the People Act of 2019.  Braun was joined by notable election leaders including California Secretary of State Alex Padilla; former Cook County, Illinois, Director of Elections Noah Praetz; Alabama Secretary of State John Merrill; Christopher C. Krebs, Director, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security; and Thomas Hicks, Chairman, U.S. Election Assistance Commission.

Additional Resources:

For a full video of the proceedings, please visit https://youtu.be/EXosdmRSsNA

For Braun’s full testimony, please visit: https://homeland.house.gov/sites/democrats.homeland.house.gov/files/documents/Testimony-Braun.pdf

For the full 2017 DEF CON report, please visit https://defcon.org/images/defcon-25/DEF CON 25 voting village report.pdf

For the full 2018 DEF CON report, please visit https://defcon.org/images/defcon-26/DEF CON 26 voting village report.pdf

###


We’ve Spent Billions on Cybersecurity: How Are We Doing?

This commentary originally appeared in Homeland Security Today, January 30, 2019.

Protecting America’s critical infrastructure — essential to our everyday life — from cyber attacks remains one of our nation’s most important missions. How are we doing?

Not so good, by some accounts. In 2017, a major MIT report concluded that after spending billions of dollars over the past few decades, our infrastructure is somehow less secure than we were 30 years ago. Its authors conclude that “the vulnerability of the systems that power our nation is a national disgrace.”

And this is not merely a theoretical risk. Last April, the U.S. Department of Homeland Security (DHS)  and the Federal Bureau of Investigation issued an alert regarding the worldwide cyber exploitation of network infrastructure devices by Russian state-sponsored cyber actors. In May, the U.S. Department of Justice announced they had stopped a network of more than half a million worldwide web-connected infected devices or “botnets.” And the Office of the Director of National Intelligence has concluded that they “expect that Russia will conduct bolder and more disruptive cyber operations” against our critical infrastructure in 2019.

Despite the recent re-opening of the federal government, Washington will likely remain gridlocked with no consensus plan to protect our critical infrastructure. Without the federal government acting, we will likely end up with a patchwork of potentially confusing and conflicting state and local regulations, which would create a nightmare landscape for business.

Progress, however, is possible and achievable. The same MIT report that paints such a grim picture also concludes that “the pathway to higher ground has been charted.” In addition, a new law was passed in October that formally creates a new federal agency at DHS, the Cybersecurity and Infrastructure Security Agency (CISA), which will become the federal government’s focal point to more strategically catalogue national critical functions and better advise on risk. And while properly organizing and planning is necessary to taking action, so is process. Fortunately, embedded in CISA is a cross-sector, collaborative approach to improving cybersecurity. DHS calls it providing for a collective defense.

So, where do we go from here? Such a process could lead to more widespread adoption of voluntary best practice standards, like the CIS Controls, the set of internationally recognized prioritized actions that form the foundation of basic cyber hygiene — cyber network defense that is demonstrated to prevent 80-90 percent of all known pervasive and dangerous cyber attacks. The Controls, compiled by cybersecurity experts around the world, help implement the goals of the NIST Cybersecurity Framework by providing a blueprint for network operators to improve cybersecurity by identifying specific actions to be done in priority order.

In the oil and natural gas industry – obviously a key sector – most companies already adhere to the NIST framework, and other voluntary standards. For example, a majority of the natural gas pipeline companies that operate about 200,000 miles of pipelines have committed to implementing the updated Transportation and Security Administration (TSA) voluntary pipeline cybersecurity guidelines, further demonstrating the success of public-private collaboration. But not all sectors possess the same resources. Greater adoption of the Controls would further boost critical infrastructure by increasing their ability to defend against common attacks.

There will be no single, silver bullet that magically protects our critical infrastructure from cyber harm. But the CIS Controls and other voluntary best practices are known pathways to stronger cybersecurity. We should redouble our efforts to implement them today.

Brian de Vallance, a former Assistant Secretary for Legislative Affairs at the U.S. Department of Homeland Security, is a senior fellow at the Center for Cyber and Homeland Security at the George Washington University.

Commentary: Energy Sector Cyber Threat Is Real; Greater Collaboration Is Part of the Answer

By: Christopher Burnham & Brian deVallance

This piece originally appeared in Homeland Security Today, October 9, 2018.

In June of 2017, when Wired magazine published a harrowing account of Russia’s hack of the Ukrainian electrical grid, it quickly generated broad discussion about the state of our nation’s cyber defense in the critical infrastructure (CI) sectors. But Washington is nearly 5,000 miles from Kiev, and Russia’s ability to take control of a Ukrainian power company through its IT helpdesk seemed even more remote.

Remote no longer. Dan Coats, the director of National Intelligence, recently testified before Congress that “the warning lights are blinking red again” and that “today the digital infrastructure that serves this country is literally under attack.” In March, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) issued a joint alert of Russian cyber activity seeking to disrupt the energy and other CI sectors.

While much remains to be done, the U.S. is headed in the right direction on cyber. First, there is growing consensus about what constitutes basic cyber hygiene or cyber defense – for example, the Critical Security Controls from the nonprofit Center for Internet Security. In addition, following the release of the federal government’s National Security Strategy last December, the White House issued its new National Cyber Strategy in September.

Earlier this year the Department of Energy unveiled its new Office of Cybersecurity, Energy Security, and Emergency Response (CESER), and the Senate has confirmed cyber-savvy Karen Evans as the office’s first assistant secretary. Just last week, DOE announced $28 million in technologies intended to improve the cybersecurity of power and energy infrastructure.

At the DHS Cyber Summit in July, Secretary Kirstjen Nielsen announced the creation of the National Risk Management Center (NRMC), DHS’s intended home for collaborative, sector-specific and cross-sector risk management efforts to better protect critical infrastructure. It is significant that DHS is highlighting the need to continue to build and strengthen partnerships as a part of fortifying American cybersecurity. As former DHS Deputy Secretary Jane Lute has noted, we have not yet decided, as a society, the precise role that government will play in protecting our national cyber resources. This is consistent with DHS’s enterprise approach of needing more than a single federal department to secure the homeland. Instead, we need the active partnership of all of us: state, local, tribal, and territorial (SLTT) governments; federal and SLTT law enforcement; nonprofit best-practice providers; the private sector; and the American public.

Jeanette Manfra, DHS’s assistant secretary for cyber, provides a cogent roadmap: We need to “create this collective defense model, where we all provide capabilities, authorities, and competencies to make cyberspace safer.”

For their part, the various CI sectors have been diligent in working to combat cybersecurity risk. Some CI sectors, like the natural gas industry, have been investing millions in new technologies to improve distributed control systems, cloud-based services, and data analytics. Additionally, sector-specific Information Sharing and Analysis Centers (ISACs) have allowed for improved information sharing between industry and the federal government. Top ISACs include the Multi-State ISAC, the Oil and Natural Gas ISAC, and the Financial Services ISAC, among other ISACs. Other positive industry actions include adopting voluntary best practices like the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity; participating in cross-industry exercises like Grid-Ex, where CI sectors practice responding to cyber-attacks; and continually educating employees on the latest cyber risks and threats.

With the establishment of the NRMC, Secretary Nielsen has issued a challenge and an invitation: private industry and the various national security agencies need to work together to help make this cross-sector, public-private partnership model a successful approach to increasing cyber defense in critical infrastructure.

The individual partners are making progress. We must now work together to create a collective defense.

IN-THE-NEWS: CGA President Douglas Lute and CGA Senior Advisory Francis Taylor co-author report for the IBM Center for the Business of Government

Recently CGA President Amb. Douglas Lute and CGA Senior Advisor Gen. Francis X. Taylor authored a report for the IBM Center for the Business of Government. The report, “Integrating and Analyzing Data Across Governments - The Key to 21st Century Security: Insights from a Transatlantic Dialogue,” focuses on data gathering, analysis, and dissemination challenges and opportunities across the homeland security enterprise. It especially looks at how improved information sharing could enhance threat prediction and prevention in a transatlantic context.

Lute and Taylor address how stakeholders in the U.S. and Europe can increase the understanding of effective ways to leverage channels involving technology, human capital, organizations, and private sector coordination that meet strategic, mission, and operational needs. The report highlights opportunities for governments to leverage data integration and analytics to support better decision making around cyber and homeland security.

The authors draw primarily on findings from two roundtable discussions with current and former government leaders and stakeholders. The first meeting, held in Washington, D.C. in October 2017, focused on how the U.S. Department of Homeland Security (DHS) information sharing enterprise can have the greatest impact and interaction with partners. The second meeting, held at the U.S. Mission to the European Union (EU) in Brussels in March 2018, focused on how the European Union and other European organizations and member states can work with U.S. agencies to enhance outcomes from improved information sharing.

Given the imperative for transatlantic and cross-sector collaboration to understand and respond to an increasingly complex set of threats facing governments, we hope that this report provides timely insights for public sector leaders and stakeholders.

Download and read the report here.

Commentary: Next frontier of Russian meddling: energy intimidation

By: Doug Lute

This commentary originally appeared in The Hill, August 28, 2018.

Russian meddling in the 2016 U.S. elections is now largely beyond debate. But this focus is too limited in scale and too narrow in scope. This is more than just a challenge to American elections. Russia has interfered repeatedly with democracies in Europe, including a number of our NATO allies. Putin has used cyberattacks, misinformation campaigns and support for rightist parties. He even attempted an overthrow of the government in Montenegro as they approached a national decision to join NATO.  

Another key vulnerability for many in Europe is their dependence on Russian energy, particularly natural gas. While Putin has yet to play this card beyond Ukraine, energy intimidation must be a national security concern among many of our NATO allies. In July, NATO leaders met in Brussels and reaffirmed the role that energy security plays in the common security of the alliance.

 

The European Union, which includes most of our NATO allies, gets about 40 percent of its natural gas from Russia. While Germany has been critiqued for importing about a third of its gas from Russia, allies in Lithuania and Estonia are 100 percent dependent on Russian gas. Concerns increase as the Nord Stream 2 pipeline would increase Russian imports to Europe. If Russia decided to manipulate these energy streams, or even intimidate by threatening to do so, it could cripple the European allies.

NATO is alert to this vulnerability, reaffirming during the recent summit that “it is essential to ensure that the members of the Alliance are not vulnerable to political or coercive manipulation of energy, which constitutes a potential threat.”

Given the dependence of our European allies on Russian energy, it is in U.S. national security interest to reduce Russian potential for influence by diversifying gas sources to Europe. U.S. liquid natural gas (LNG) production has nearly doubled since 2010 and exports of LNG quadrupled in 2017, with exports to Europe accounting for the third-largest share. This is a big step in the right direction as Europe seeks to diversify its energy sources. 

While the U.S. itself remains a massive consumer of LNG, production is expected to grow 59 percent between 2017 and 2050, increasing further the capability of the U.S. to export LNG to our allies. This is, of course, dependent upon adequate infrastructure for exporting and importing LNG, but the U.S. has opened two export terminals since 2016, with four more on the way. On the European continent there are now 28 LNG import terminals, with 22 more terminals planned or under consideration. 

The first tankers carrying U.S. LNG docked at Polish and Lithuanian terminals last year, and we can expect this to increase. This is a classic case where U.S. security interests and economic interests are mutually supportive.  

While expanding American LNG exports to Europe will help, other vulnerabilities remain for energy security. For example, cyberattacks can wreak havoc on energy infrastructure and some critics claim that American LNG companies face particular vulnerabilities. Cyber experts agree that any activity reliant on the internet can be at risk and must be protected. All forms of energy infrastructure face this challenge. As Professor Chris Bronk, an expert in computer and information systems at the University of Houston, recently told Reuters: “coal plants, train deliveries and transmission systems are just as susceptible to hackers as gas pipelines… [and] the stakes involved in a successful nuclear cyber attack are enormous.” 

The U.S. LNG industry takes responsible steps on cyber security. In line with new guidance from the Department of Homeland Security, the LNG industry orients its cybersecurity to the national standards and implements cybersecurity programs based on established best practices, including following the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and sharing information through the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC). While there is no perfect cybersecurity, such steps reduce the risk as we expand LNG production.

Energy security is national security. This means reducing the dependence of our European allies on Russian energy.  It is in the national interest of the U.S. to stand with our allies to do all that we can to help diversify their energy sources, and increased U.S. LNG export capacity provides the means to do so.

Douglas Lute was the U.S. ambassador to NATO from 2013 to 2017. He is a senior fellow at the Belfer Center at Harvard University, and president of Cambridge Global Advisors, a consulting firm with a special focus on national security, and experience at the global, national, state and local levels.