The Rice Stuff

Criticized unfairly on decades-old Africa policy, Susan Rice has shown she's got the right temperament to be secretary of state.

The debate surrounding Ambassador Susan Rice's possible nomination to be secretary of state is stuck in a Washington echo chamber, reverberating between the content of Benghazi talking points and U.S. inaction during the Rwandan genocide in 1994, when Rice was on the National Security Council. Neither point of departure is particularly revealing. I served as one of Rice's senior deputies for nearly four years while she was assistant secretary of state for African affairs, and would point to several events from those years that tell us considerably more about what kind of secretary of state she would be.

When Rice became assistant secretary in 1997, the prevailing attitudes toward Africa was that tax dollars spent on the continent amounted to "money down a rat hole," as the late Senator Jesse Helms (R-NC) so memorably, and disastrously, characterized it. Indeed, Helms's sentiment -- and considerable influence -- was a significant factor in the decision to close USAID offices across the region and slash U.S. development assistance in health, education, and other social programs during the mid 1990s.

In early 1998, however, President Bill Clinton made an unprecedented swing through Ghana, Uganda, Rwanda, South Africa, Botswana, and Senegal to highlight the democratic and economic progress being made on the continent. As a key player in organizing the trip, Rice persuaded Clinton's most senior advisors that the president should commit to restoring U.S. assistance to "historic levels." By the time Clinton left office, U.S. assistance to Africa had reached $935 million, up from a low of $670 million in 1996.

Throughout that presidential trip and her four years as assistant secretary, Rice worked with singular focus to persuade the administration and Congress that the United States had interests in Africa worth investing in. It was a fundamental break with prevailing Cold War attitudes toward the continent, and one that hints at the forward-looking mindset that Rice would bring to the job of secretary of state.

The Clinton administration's enlightened approach, nurtured in no small part by Rice, contributed to the emergence of a bipartisan consensus on the Hill that created the transformative African Growth and Opportunity Act in 2000 and, subsequently, President George W. Bush's anti-HIV/AIDS initiative, first funded at $15 billion and increased to $48 billion in 2008. Today, trade with Africa supports more than 100,000 jobs in the United States and both initiatives continue to be cornerstones of the U.S.-African relationship.

In addition to cultivating ties with Africa that were based on mutual interest and respect, and which prioritized trade, investment, and job creation, Rice worked tirelessly to manage a range of crises during her tenure in the Clinton administration. Three of them bear mentioning.

In May 1998, a border skirmish broke out between Ethiopia and Eritrea, igniting what would become the deadliest war in the world at that time. (Nearly 100,000 people died between 1998 and 2000.) Together with Anthony Lake, the White House special envoy and former national security advisor, Rice spearheaded a protracted diplomatic effort in close partnership with the Organization of African Unity that led to a ceasefire in 2000 and a broader peace deal later that year. Rice was tireless in her communications with all parties and adept in retaining the respect of both the Ethiopian and Eritrean leaders, who had become implacable foes.

Also during Rice's time at the State Department, what became known as "Africa's first world war" erupted on Congolese soil, involving at least 11 neighboring countries. Rice again helped drive a diplomatic process that led eventually to a ceasefire between the various governments, a phased withdrawal of their armies from the Congo, and the deployment of a major U.N. peacekeeping force to oversee that withdrawal. As Ambassador to the United Nations, Rice has remained engaged in supporting a peaceful settlement to the continuing conflict in eastern Congo.

Finally, in the mid-1990s, prior to her appointment as assistant secretary, Rice helped cobble together an international coalition in response to the massive human rights abuses perpetrated by Sudan during the north-south civil war and the country's involvement in terrorist activities. She drove the effort to sanction Khartoum in the U.N. Security Council and helped to craft the comprehensive unilateral U.S. sanctions on Sudan that stand to this day. Once back in office as ambassador to the United Nations, she worked assiduously to support African-led negotiations that ended the north-south war and ensured that the referendum for South Sudan's independence occurred peacefully and as scheduled. The newest state in the world owes its existence, in part, to Rice's sustained effort over nearly two decades.

Rice's tenure at the United Nations, especially her success in persuading the Security Council to impose the toughest-ever sanctions against Iran and rallying support for the resolution to intervene in Libya, which passed 10-0, with China and Russia abstaining, should be seen against the backdrop of her dedicated diplomacy as assistant secretary in some of the world's most difficult conflicts. As secretary of state, Rice would remain focused on crisis diplomacy, but she would also continue to promote trade and investment, democracy, and economic progress as she did as assistant secretary of state.

One criticism of Rice that has been repeated often in recent weeks is that her candor and blunt style would be a liability as secretary of state. My experience working closely with her for nearly four years suggests the opposite.

As assistant secretary, Rice attracted highly respected and competent individuals to the Bureau of African affairs. The group she assembled, composed of professionals with divergent views and experiences, evolved into a loyal and dedicated team that worked effectively across agencies to create a dynamic policy to Africa. Rice also worked closely with the White House to ensure that nearly every U.S. government agency had an active and innovative Africa program.

In short, Rice was a consensus-builder and a problem-solver -- hardly the divisive and obstreperous character that is portrayed on television by her critics.

Rice's record as assistant secretary and ambassador to the United Nations suggest that she would be an effective and successful secretary of state. In my experience, she is unrivaled in her ability to advance U.S. interests under what are invariably challenging circumstances.


National Security

Is it Legal for the Military to Patrol American Networks?

Posse Comitatus meets the 21st century.

Over the past couple months, the Pentagon has assumed an increasing role in defending American networks. In October, Secretary of Defense Leon Panetta announced new rules of engagement for the Pentagon's cyber operations. "The new rules will make clear that the department has a responsibility, not only to defend DOD networks, but also to be prepared to defend the nation and our national interests against an attack in or through cyberspace." Panetta insisted that the Pentagon would play only a "supporting role," but as James Lewis at the Center for Strategic and International Studies pointed out, "When it comes to cybersecurity, the center of action just shifted." And, indeed, a few weeks ago, the Washington Post revealed that President Obama had signed a secret directive expanding the U.S. military's authority in cyberspace to include defense of non-military networks.

It is a sign that efforts to develop the capacity of the Department of Homeland Security (DHS) to defend cyberspace have not kept pace with the perception of increasing threats. But it's also a sign that the United States is struggling to adapt to a world of transnational threats -- and risks eroding the fundamental distinction between the traditional roles of civilian and military forces in providing security. The Posse Comitatus Act of 1878 has restricted the deployment of federal troops in the homeland since the end of Reconstruction. It enshrined the idea that police forces are responsible for security within U.S. borders, while the military protects against threats beyond the country's borders. That is why only in extreme circumstances -- a natural or man-made crisis -- do we see troops in the streets.

The new policy is essentially the result of a trade-off between authority and capacity: The Department of Homeland Security has the authority, but not sufficient capacity to effectively defend the nation's networks. In contrast, the Department of Defense has better capacity, but not the authority. The choice then is to build up DHS's capacity, leaving the nation less protected in the interim, or expand DOD's authority. (This publication by National Defense University provides a more comprehensive analysis of the various policy options.)

Apparently, DHS has not been coming on fast enough. Lewis notes that "Iran has discovered a new way to harass much sooner than expected, and the United States is ill-prepared to deal with it," referencing the cyberattacks against the Saudi Aramco and RasGas companies. Secretary Panetta points out, "We know that foreign cyber-actors are probing America's critical infrastructure networks.... We know of specific instances where intruders have successfully gained access to these control systems. We also know they are seeking to create advanced tools to attack these systems and cause panic, destruction, and even the loss of life."

So does that mean the Posse Comitatus Act doesn't apply in cyberspace? Or if it does apply, how so? While cyberspace is bound by physical infrastructure located on territory with national borders, cyberspace as a domain is very different from any of the four other territorial domains -- land, sea, air, and space. There is no physical border in cyberspace that an attacker must cross to hit at his or her target, as there was for the British ships in 1777, the Japanese planes in 1941, or the terrorists on 9/11. An attack can happen anywhere within the United States, and in the case of zero-day exploits -- a cyberattack using a previously unknown vulnerability -- without prior warning. How will the government know whether suspicious activity is a criminal matter most appropriate for law enforcement, or a security matter falling within the Department of Defense's mission to protect the nation against threats from abroad in light of the continued challenges to attribute the source of an attack?

Expanding the Pentagon's role is a slippery slope. Not only is the military ill-suited for many civilian tasks -- witness police training in Afghanistan -- it can also easily bump up against civil liberties. For example, the warrantless wiretapping scandal during the last decade included the National Security Agency -- whose director also leads U.S. Cyber Command -- which was authorized by an executive order to conduct domestic surveillance. If the military is taking over cybersecurity simply because it has greater capacity, what will prevent it from being asked to assume ever greater homeland responsibilities in the future? After all, the Pentagon is the largest organization in the world -- it has more capacity when it comes to any number of problems. But capability is not a sufficient argument for policy. It highlights how reactive our current approach to cybersecurity is. It is borne out of immediate necessity to fill the current gap, but we need an effective longer-term plan -- and an exit strategy for the Pentagon's involvement in domestic security. 

The public needs to start discussing how comfortable it is with the military's role in cyberspace. Clearly, some advocates are not: The Electronic Privacy Information Center, for example, filed a Freedom of Information Act request the same day the Washington Post revealed the secret directive, arguing that "transparency in cybersecurity is crucial to the public's ability to monitor the government's national security efforts." Congress faces a choice, too. So far it has not yet passed effective legislation even though both parties agree that there is a need for a comprehensive domestic strategy to protect critical infrastructure. Is Congress more comfortable with the alternative -- the U.S. military becoming increasingly involved in domestic security?

What about the private sector? The U.S. Chamber of Commerce has been blocking action and watering down legislation lest business be forced to adhere to even minimum security standards. It does not suffice that some industry members develop strong security standards while others refuse to adopt them, creating negative security externalities for others in the sector who are trying much harder. Harvard law school professor Jack Goldsmith makes a compelling case: "This is a classic case for government regulation -- indeed, it is the classic case for government supply of the public good we call national defense, since there is every reason to think that the private sector, following its private interests, will undersupply national defense in this context."

Some of the issues cybersecurity entails affect core principles that have been a foundation of democracies for over a hundred years. But extending DOD's authority to manage the cyberthreat should be an interim solution with a sunset clause and an exit strategy for when DHS has the capacity. After all, the Secret Service is also part of DHS and enjoys an excellent yet underreported reputation when it comes to cybersecurity. The Secret Service was able to develop its expertise and become a leader in this field as the Internet spread over the last 15 years. Why should this not be possible at a larger scale for DHS, especially since it was established only a decade ago? The Pentagon plays a crucial role, but as with any crisis in a democracy, using the military should always be a last resort and a temporary state. The administration has been trying hard to address these challenges and Congress demonstrated this year that it considers cybersecurity a top issue. This administration's first cyberstrategy has been called "clunky;" it now has a second term to develop a smoother long-term strategy.