It seems that the nation is still split on deciding if Cyberwar is a real danger to the US, and if we should focus our defensive and offensive capabilities on it.
Recently, The Register posted an article titled, “Cyberwar hype is obscuring real security threats – The ill-informed leading the ill-informed…” According to the article, UK computer scientists for the Organization for Economic Cooperation and Development (OECD) say that the cyber war hype is effecting the government’s ability to develop an accurate cyber defense strategy.
The article has some very good points, for example they believe that we will never have a pure cyber war attack, but it will be mixed in with conventional attacks. And the media’s free use of adding “Cyber” in front of everything vaguely electronic from terrorism to Wikileaks may be clouding the judgment of many.
And according to the report:
“We think that a largely military approach to cybersecurity is a mistake,” Dr Brown said. “Most targets in the critical national infrastructure of communications, energy, finance, food, government, health, transport, and water are in the private sector. Because it is often difficult to be certain who is attacking you from cyberspace, defence by deterrence does not work.”
Though I do agree with what is targeted, and the difficulty of discovering the true source, I disagree with the statement that defense by deterrence does not work. I believe that unified collaboration and response is our best deterrent.
I do find it interesting though that in the same week that OECD released this report, representatives from both the UK and Australian governments met in Sydney to discuss collaborating on cyber war:
Foreign secretary William Hague and defence secretary Liam Fox are on their way to Sydney to meet Australia’s defence minister Stephen Smith and foreign minister Kevin Rudd at the third Australia-United Kingdom Ministerial (Aukmin) talks. As well as conventional security concerns such as the war in Afghanistan, collaboration on cyber warfare will also be on the agenda.
UK’s Defense Minister Nick Harvey wants the UK to develop its offensive cyberwar capabilities and increase its cyber defense:
“We should also be able to prevent, deter, coerce or even intervene in cyberspace… including the capability to exploit the weaknesses of our opponents,” said Harvey.
What does the United States have to say about this?
US President Barack Obama has addressed the strength – and vulnerability – of the country’s military networks, saying at a White House briefing last year that while “technological advantage is a key to America’s military dominance…defense and military networks are under constant …attacks that are harder to detect and harder to defend against.”
US Department of Defense systems are under constant attack by foreign systems. But what about out private sector systems, is this cause for concern for them?
Deputy Secretary of Defense William Lynn wrote in a recent issue of Foreign Affairs that some “100 foreign intelligence organizations are trying to hack into the digital networks that undergird US military operations” and that some “already have the capacity to disrupt US information systems.”
“It’s only a small step to go from disrupting parts of the network to destroying parts of the network,” remarked director of the National Security Agency, and commander of the new US Cyber Command, General Keith Alexander. “If you think of our nation, our financial system, our power grids – all of that resides on the network. All of them are vulnerable to an attack like that. Shutting down that network would cripple our financial systems.”
So if public systems are at risk, is it the responsibility of the government to protect them? Last month Department of Homeland Security Secretary Janet Napolitano said “Cyberspace is fundamentally a civilian space, and government has a role to help protect it.”
So how can scientists claim that focusing on cyberwar is a waste of time, when heads of states are saying that it is a top concern?
Well, truth be told, one thing is that the scientists may not have all of the data. According to the FoxNews article, “Senators say military cyber ops not disclosed”:
The Pentagon failed to disclose clandestine cyber activities in a classified report on secret military actions that goes to Congress, according to a Senate document that provides a public peek at oversight concerns surrounding the government’s computer war capabilities.
Much of the data involved with cyber security and cyber war is classified and will not reach the public channels. As a matter of fact, the Army Corp of Engineers is currently building the NSA a $1.5 Billion dollar cyber-security center in Utah. This is the first such center in response to the Comprehensive National Cyber Security Initiative:
A White House document identifies the Comprehensive National Cyber-security Initiative as addressing “one of the most serious economic and national security challenges we face as a nation, but one that we as a government or as a country are not adequately prepared to counter.” The document details a number of technology-related countermeasures to the security threat.
The center will employ 100-200 information technology specialists, mechanical and electrical engineers.
Grading work is already under way for the complex, which is scheduled to include 100,000 square feet for the data center and 900,000 square feet for technical support and administrative space. The center is designed to be capable of generating all of its own power through backup electrical generators and will have both fuel and water storage. Construction is designed to achieve environmentally significant LEED Silver certification.
And from an earlier report:
The NSA said the data center is a component of the Comprehensive National Cyber-security Initiative “aimed at securing the United States’ information infrastructure and coordinating its defense with state and local governments, as well as the private sector.” The data center’s mission is to help the intelligence community meet cyber-security objectives.
Though computer scientists may not agree with them, government officials from the UK, Australia and the US are very concerned about cyberwar, and the threat to the public sector and are taking it very seriously.
Cross-posted from Cyber Arms