Glimpse Senior Correspondents Luke Phillips and Miles Malley spoke to Dr. Paul Pillar about US foreign policy in the Middle East.

Dr. Paul Pillar is a 28-year veteran of the U.S. intelligence community, culminating in service as the National Intelligence Officer for the Near East and South Asia; and is the author of several books on national security, including Negotiating Peace: War Termination as a Bargaining Process, Terrorism and U.S. Foreign Policy, Intelligence and U.S. Foreign Policy: Iraq, 9/11, and Misguided Reform, and Why America Misunderstands the World: National Experience and the Roots of Misperception. He holds a PhD from Princeton University.

The post US in the Middle East: Our Interview with Dr. Paul Pillar appeared first on Glimpse from the Globe.

Emi: Polarization. Again.

Caos. Crisis. Oportunidad. Independencia – Words that Spanish press have used in the last few months to report on and attempt to make sense of the Catalan independence movement. As with any politically fraught situation, opinions are divided, the process is messy and any solution seems difficult to reach. It could be clarifying to look at the people’s viewpoints in case this is party politics or simply a power struggle among politicians, yet the citizens’ opinions are split as well. This case is especially polarized with both Spanish and Catalan politicians refusing to listen to the voices of the moderate – citizens who do not support full Catalan independence from Spain but who want to keep the region’s autonomy.

Catalan’s president declared independence October 27. Soon after Spain dismissed the president and his Cabinet and dissolved the Catalan Parliament of all its powers.

Catalonians are angry. Naturally. Their representatives forced the issue of full secession from Spain so that now the region has lost every bit of autonomy that it once held. This pendulum of politics from one extreme to another is reminiscent of governments in other parts of the world with the polarization in the U.S. Senate as a prime example. Division and disagreements within governments should lead to a healthy consensus that is beneficial for its citizens. However, polarization has become so extreme that it stagnates any progress on any rational decision or it leads to hasty declarations like in this case. If politicians are supposed to represent the people’s best interests, then they’re doing quite an awful job of it by never listening to the opposing side or trying to work together. This pattern of polarization is steadily getting worse and it is unsettling to think of the world’s governments continuing in this direction.

Aziza: The silence of the European Union

In times of weakening bonds among European Union members, the bloc’s leaders fear little more than a wave of empowered independence movements potentially throwing some of its strongest pillar states into political instability and chaos. Northern Italy is home to such an independence movement, independence groups in Corsica have been active for decades, and Flanders has been flirting with the idea of splitting away from Belgium as well. If Catalonia were to successfully secede from Spain, independence movements around the continent could gain significant momentum.

So what should European Union leaders do? Thus far, they’ve remained silent. Leaders have called the crisis an “internal affair” and denounced calls for the European Union to take a stance. After Spanish police forcefully tackled protesters during the referendum, Donald Tusk, President of the European Council, tweeted: “For EU nothing changes. Spain remains our only interlocutor. I hope the Spanish government favours force of argument, not argument of force.”

Other international organizations were more explicit in their response. The United Nations High Commissioner for Human Rights, Zeid Ra’ad Al Hussein, said, “I am very disturbed by the violence in Catalonia on Sunday.” Human Rights Watch called for an independent investigation into the Spanish police strategy during the referendum. European Union leaders might perceive getting involved as too risky, fearing the spread of independence movements and growing internal instabilities in its member countries. But with EU leaders rarely shying away from an opportunity to criticize internal affairs in Poland and other Eastern European states, they may have something else to lose in Catalonia’s secession crisis: their credibility.

Katerina: Monarch of the few, not the many   

A growing trend in 21st century monarchical politics has been a disappointing lack of action in time of internal crisis and unrest. Since tensions have escalated in Spain between the pro-independence coalition of Catalonia and the rigid central government, King Felipe of Spain has commented twice on the issue, both times condemning the Catalonian separatists. In late October, King Felipe stated that Spain was facing an “unacceptable secession attempt” which undermined Spain’s united, historical battle against a tyrannical dictatorship in the 1970s. Although his words seem praiseworthy, King Felipe has utterly marginalized a large portion of his nation due to his lack of empathy. This situation is largely reminiscent of Queen Elizabeth II’s ambivalence during the Scottish independence movement. Many criticized Her Royal Highness for calling for a united Britain, as many of her private residences were situated in Scotland. Although in the 21st century, monarchs have taken up a largely aesthetic and inactive role in both external and internal politics, their people expect more in times of crisis.  The role of a modern monarch is to empathize with their people, understand their worries and fears (no matter how socio-economically removed they may be from them), and to act as an impartial voice in times of crisis.

Katya: Looking beyond the particularities of Catalonian independence, the movement forces us to reckon with the nature of the world we live in.

In the West today, ‘nationalism’ usually refers to right-wing, reactionary political movements–the Front National, the AfD, the current Republican administration in the US– that draw on feelings of ethnic, historic pride (and superiority). Whenever nationalist separatist movements do flare up, they tend to do so in peaceful, civilized and democratic ways. The Scots had their referendum; the IRA laid down their arms in 2005. The Texan secession movement is fought through bumper stickers, beer-fueled soliloquies at dinner tables and Confederate flags on front porches. Even staunchly pro-independence Texans recognize the absurdity of the claim (when they sober up), and the fact that less than 200 years have passed since the state was an independent country has no real or perceived political sway.

Violent (or successful) secession movements no longer have a place in polite political society–leave the fighting to the Ukrainians and the jihadists. Perhaps some believe (naively) in a post-violence, Western, democratic neoliberal order; perhaps these movements lack the gravity perceived as a prerequisite for violence.

Catalonia has shattered this perception. Last month, police injured hundreds of protesters in Barcelona, holding up a mirror to the West in the process. Using force against your own citizens as they peacefully assert their democratic will is a bad PR move in 2017, but how far would (and should) a ruler go to hold onto their territory? If the state, no matter how liberal and democratic, exists first and foremost as an end in itself (to prevent anarchy, protect the person and their property, etc–insert your own favorite social contract theory here), how far can a government go to prevent its own dissolution? National self-determination is a decidedly more comfortable value to leverage for your own (economic, strategic) ends in Eastern Europe or the Middle East than to grapple with at home. When citizens decide to pit their notions of liberty and happiness against the strength of your economy, how do you respond?

Spain reacted out of proportion, both in its use of force and in its dramatic political play this week.  It would be wiser to let the movement rise and fall on its own timeline, but now, both the international community and the separatists themselves are forced to take the situation much more seriously. The courts will now take up the issue of legality, but no matter what happens next, a precedent for harsh crackdowns on nationalist separatists has been enacted. The irony is that in stripping the Catalonians of their autonomy, Spain is only fanning the flames of separatist movements, at home and abroad.

Luke: Reflections on the Revolution in Catalonia

I don’t claim to be an expert on European politics or independence movements, and I don’t know much about the recent independence referendum in Catalonia or the subsequent violence and intrigue. What I do know, from my readings of history, is that great questions of sovereignty and subjugation and revolution and the structure of governments- particularly when they’re tied up with great questions of identities, cultures, and ways of life- are rarely as singly moral as their participants and observers at times make them out to be.

So it is, I think, in Catalonia these days. It’s too easy to see the independence movement as the benign, progressive expression of national self-determination, and the Spanish government’s heavy-handed suppression attempts as the barbarous cruelty of a corrupt and illegitimate state with a totalitarian history. However, it’s just as easy to see the independence movement as a chaotic popular insurrection being fanned by demagogues, whose successful consummation could result not only in a weakened Spain, but a further polarized Europe already tottering on a precipice. Neither of these narratives is entirely true; neither is entirely false. Both are held fervently by participants in the drama; both are held by otherwise-disinterested observers.

There have occasionally been murmurings of outright secession and the outbreak of hostilities, a development that would assuredly raise the stakes and passions, and grind the conflict into something more closely resembling ethnic conflict in a failed state than the expression of modern democracy. This seems unlikely but not entirely impossible. More likely is the possibility of this long-simmering conflict reaching no particularly clear conclusion in the near term, with resentments and hatreds stewing further with every compromise reached. The full victory of either side- its attainment of its vision of justice- would be an injustice in itself, in its effects over the long run.

This is the return of history, the deepening cycle of tragic circumstance that will continue to define our disordered, postmodern 21st Century. Statesmen and activists alike should learn to live with moral ambiguity- not only such far-flung locales as Yemen, North Korea, Afghanistan, Nigeria, and Venezuela, but even in the very heart of the liberal world order itself.

The views expressed by the author do not necessarily reflect those of the Glimpse from the Globe staff, editors or governors.

The post Crisis in Catalonia- Our Correspondents Weigh-in appeared first on Glimpse from the Globe.

With North Korea and the US exchanging threats, many are concerned about the prospects of a second Korean War. Glimpse Correspondents and members of USC’s international relations Fraternity Delta Phi Epsilon share their views on the crisis.

The views expressed by the author do not necessarily reflect those of the Glimpse from the Globe staff, editors or governors.

The post The North Korean Threat: A Glimpse-Delta Phi Epsilon Discussion appeared first on Glimpse from the Globe.

Article contributed by alumni Senior Correspondent Jeff Grimes:

2014 was the worst year to date for cybersecurity. In the span of just nine months companies such as Sony, Microsoft and Target suffered crippling cyber breaches causing either major system outages or the compromise of crucial private data. With each new incident, the conversation about cybersecurity has taken an increasingly central position for both the general public and the US government; nonetheless, the overall readiness of the US to prevent and respond to cyber attacks has a long way to go.

To help move cyber threat preparedness in the right direction, Hewlett-Packard (HP) announced three security partnerships on April 21 at the RSA Conference, an annual cryptography and information security conference held this year in San Francisco. The partnerships are with FireEye, the publicly traded Milpitas, CA-based network security company specializing in cyber threat forensics and protection; Securonix, the private Los Angeles-based security intelligence company specializing in monitoring and detecting cyber attacks; and Adallom, the private Menlo-Park based cloud security company specializing in enterprise software-as-a-service (SaaS) application security.

According to HP, the partnerships represent a “new school of cyber defense” that will focus on protecting the interactions between users, applications, and data exchanges. This line of thinking may seem obvious, but it in fact represents a sea change from the traditional “perimeter defense model” that has dominated enterprise security for decades.

If we imagine an enterprise; which for the sake of simplicity we can define as a company’s servers, datacenters, applications, employee computers and internal networks; as a large circle, then the perimeter defense approach consists of surrounding the circle with a shield comprising of a firewall and an intrusion detection system. This strategy is cheaper and easier than its chief alternative, the act of protecting each individual entity inside the circle with its own smaller shield (that is, individually securing all networks and devices). Although industry experts have long believed that the “hard exterior, soft interior” approach of the perimeter defense model is vulnerable, the majority of tech companies have implemented it due to its cheap cost and ease of implementation compared to its laborious and expensive alternative.

The theory behind the perimeter defense model is that if a cyber incident occurred, then the firewall and application proxies, rather than the sensitive backend system (likely the attackers’ ultimate target), would absorb the impact of the attack. The intrusion detection system would alert the proper employees within the enterprise of the attack and they would respond to the attack before sensitive data was compromised or system outages began to occur.

While this system has always been far from perfect, the recent elevation of cyber incidents has made its fragility more apparent. According to the Identity Theft Resource Center, US data breaches reached a record high 783 incidents in 2014—a 27.5% increase from 2013.

HP’s bold effort must therefore be taken seriously—regardless of the subsequent implementation of its ambitious partnership plans, HP is the one of the first companies to make such a spirited and public effort to challenge the established norms of corporate cybersecurity. Rather than continue to focus on the perimeter, the company and its new partners will prioritize threat analytics and incident response for individual devices. Perhaps the biggest force in rendering the perimeter model obsolete has been the rapid increase over the last few years in the number of smartphones and internet-connected devices used by both individuals and corporations. Combined with tech companies’ reliance on cloud storage, this trend has created a plethora of easy targets for malicious hackers seeking to obtain private data. HP’s approach will focus on security for individual devices, meaning that companies will have more protection against cyber threats given their current IT configurations.

Of HP’s three partners, FireEye has made the most headlines recently. In December, the company closed a $1.05 billion cash-and-stock acquisition of Mandiant Corp, the Alexandria-VA based cybersecurity firm that rose to prominence with the release of its February 2013 report directly implicating the Chinese government in a series of cyber espionage incidents. Although the report lacked smoking-gun evidence, it was helpful in raising public awareness of the cyber threat posed by foreign governments. FireEye was also a key player in mitigating the damage of the Anthem Insurance breach in early February. In November 2014, CBS featured FireEye prominently in a 60 Minutes episode entitled “What Happens When You Swipe Your Credit Card.” The episode was the most watched 60 Minutes episode in two years. On April 12 of this year, CBS featured FireEye SVP-COO Kevin Mandia on the evolving cyber threat landscape during another episode of 60 Minutes entitled “The Attack on Sony.” FireEye’s continued publicity has helped thrust cybersecurity into the limelight for both the US public and for Washington. Cybersecurity’s prominence has been long overdue for too many years—the gravest threats that America will face over the next decade may well be in the cyber realm.

According to HP’s press release, the two companies will collaborate to develop an industry standard for advanced threat protection services and incident response capabilities. FireEye’s Mandiant investigative group will likely play a key role in the partnership. Mandiant’s services are typically expensive, but Mike Nefkens (Executive Vice President of HP Enterprise Services) stated that HP would focus on bringing a co-branded version of its services to smaller companies for a lower price so that the new approach to cybersecurity can have as broad an impact as possible. HP’s new product, if completed, would offer private companies a convenient and comprehensive level of security not previously achieved on such a large scale. Commonly held beliefs in cybersecurity circles specify that if all companies were eventually to upgrade their own systems to the same standard, then the US’s national infrastructure would become significantly less vulnerable to malicious cyber attacks.

HP also said in its press release that Securonix, the second of its three partners, will take on the role of helping HP’s customers to track and identify intruders who present cyber threats. The final partner of the deal, Adallom, will deliver enhanced security monitoring and enable customers to take direct control of cyber incident response.

At this point, none of the companies involved has released additional details on the nature of the deal. Such strategic partnerships are often ostensibly promising at the time of their announcement but fail to develop into anything meaningful; the US should be hesitant to believe that HP’s new partnerships alone can change the face of private sector cyber threat preparedness. HP employs 5,000 security consultants, many of whom manage outsourced security operations for the company’s large clients. If HP puts these employees to work with teams from its new partners in a significant way – that is, if the effort put in by all four companies matches the excitement with which they announced the deal – then this “new school” of cybersecurity defense may be the beginning of a much-needed shift in the private sector’s approach to mitigating the damage from attacks like the crippling incidents of 2014. The Target breach, the Sony Pictures hack propagated by the DPRK and the Lizard Squad Christmas Day hack were all theoretically preventable. The perimeter defense model itself is not to blame for these attacks; each of the victim companies should have been more prepared to detect and respond to cyber threats. Had they used HP’s approach to secure their infrastructures, however, the damage done to their systems may have been much less severe.

While I believe that a major shift in cybersecurity as a result of HP’s partnerships is unlikely and at best several years removed from resulting directly in any significant industry-wide change, HP’s new partnerships may also offer potential for the American government to boost its own expertise. The White House has recently intensified its efforts to bolster relationships with the private sector, sending Secretary of Defense Ashton Carter on a tour of Silicon Valley to network with and glean knowledge from tech giants such as Mark Zuckerberg, Sheryl Sandberg, Peter Thiel and Ben Horowitz. Its public responses to some of the cyber attacks of 2014 have underscored its failure to stay current with cybersecurity trends, and the HP deal, if fruitful, may provide a blueprint for future success.

The US government needs a closer relationship with the private sector to prevent repeat situations of some of the incidents of 2014. When the DPRK launched a crippling cyber attack against Sony in November 2014, the US government’s response characterized its inability to act properly in the wake of cyber incidents. President Obama publicly condemned Sony’s actions in a press conference, despite the fact that the company was attacked by a foreign government and could hardly have been expected to know how to respond appropriately. Furthermore, it took the FBI 26 days to determine that the DPRK was in fact behind the attack. Washington promised a “proportional response” but failed to take any significant action.

Sony could simply have been more prepared for both the prevention of and response to a cyber attack. On the prevention side, the new model that HP is championing provides a good template for tech companies to follow. On the response side, there was little that Sony could have done. To account for the increasingly likely scenarios in which foreign governments (as opposed to small hacker cells like Lizard Squad) are responsible for attacks, the US government needs a clearly defined action plan for collaboration with private companies. Washington essentially left Sony to fend for itself in the wake of the DPRK’s attack, and the results were embarrassing for both parties.

On the day of the attack, the White House should have facilitated a complete analysis of Sony’s network and gathered as much data firsthand from the company as possible. Ideally, enough monitoring systems would have been in place such that evidence of a foreign government’s involvement would have been at least a possibility. The White House should have coordinated the action plans of the FBI, CIA and NSA before sundown and issued a specific and clear message to private sector companies outlining the nature of the attack and describing preventive steps to be implemented immediately. It also should have issued a public statement explaining that Sony was the victim of a cyber attack propagated by unknown sources and that the US government would be working in close conjunction with the company to identify the hackers over the course of the next few days.

These steps may seem implausible considering the US government’s actual response, but the action required to make them a reality is reasonable. Washington needs to make cybersecurity a top priority not just in name but also in practice. Whether it will succeed in forming any meaningful partnerships with private technology companies is unclear.

The views expressed by the author do not necessarily reflect those of the Glimpse from the Globe staff, editors, or governors.

The post HP’s Cyber Partnerships and the Future of US Cybersecurity Policy appeared first on Glimpse from the Globe.