Twitter Facebook Google RSS
Homeland Security News 

Can Peace Prevail in Cyberspace? 


By Stew Magnuson 

The prospect of an assault on the United States through its networks has been a doomsday scenario for a number of years.

It has often been couched in real-world military strategic terminology. “Attribution” is one of these words. To launch a counter-attack, the United States would need to know who is trying to take down its networks.

In this regard, the best defense is a good offense, according to former Department of Homeland Security Deputy Secretary Stewart Baker.

“We’re not going to win this fight by building better defenses, we’re going to win this fight by making it expensive to attack us,” he said during a discussion at the release of a report, “Cyber-Security: The Vexed Question of Global Rules.”

Baker’s advice was for U.S. Cyber Command to improve those capabilities.

“That means we have to do a much better job of attributing attacks, a much better job of mapping adversaries’ networks from where they are launching the attacks. And then we have to show there are consequences to doing that.”

So will there ever be cybersecurity treaties or bi-lateral agreements as is the case for nuclear weapons?

The report, produced by Security and Defense Agenda, a Brussels-based think tank, said the leader of the International Telecommunications Union, a United Nations body, called in 2010 for a “cyber peace treaty.” But his suggestion has received very little traction.

Ellen Tauscher, undersecretary of State for arms control and international security, told a gathering of Washington, D.C.- based defense reporters that she knew of no such agreements in the works at the State Department.

There are questions of how to verify that treaties are being followed, she said.

Meanwhile, some are wondering what good deterrence is if potential adversaries don’t know what the nation is capable of doing? The year 2012 may be when the Defense Department stops being coy about what it can do in the cyber-offense realm, network security firm McAfee said in its annual Threat Predictions report.

“Will this be the Year of Cyberwar, or merely a showcase of offensive cyberweapons and their potential?” McAfee researchers posited in the report.

There are ongoing discussions about cyberwar: What is the definition? Does it even exist? What is an act of cyberwar? Dave Marcus, director of security research at McAfee Labs, noted in an interview. “All the discussions are setting the stage for potential conflict,” Marcus said.

How do you ensure that an adversary is sufficiently afraid of attacking in the digital realm? In the Cold War, the United States would test a nuclear bomb on a Pacific atoll and share the frightening video footage with the world. Simply talking about responses is not the same thing as demonstrating capabilities, Marcus said. Today, some nations are public about their capabilities and conduct cyberwarfare games. That is not the case for the United States. While military officials acknowledge publicly that they have offensive capabilities, they do not say much beyond that in non-classified settings.

The U.S. military may conduct more public cyber-offense exercises, Marcus predicted. Despite numerous, almost daily, headlines about China and other adversaries penetrating U.S. networks, “we seem to take a very passive stance on all this,” he said. “In the media, we appear to be getting walked all over on a daily basis,” Marcus added.

Baker echoed this. “The American approach to fighting war is to try to be aggressive, yet we have been remarkably defensive in this fight. We need to go on the offense in significant ways,” he said.

Cyber Command, meanwhile, needs to do away with the army of lawyers that sit around deciding what the government can and can’t do in cyberpsace, he added.

Submit Your Reader's Comment Below
The content of this field is kept private and will not be shown publicly.
Please enter the text displayed in the image.
The picture contains 6 characters.
*Legal Notice

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

  Bookmark and Share