U.S. government needs cybersecurity doctrine, experts say
A comprehensive doctrine could define how the U.S. government will respond to cyberattacks, book authors say
IDG News Service - The U.S. government needs a comprehensive doctrine addressing cybersecurity instead of the current patchwork of policies and agencies dealing with cyberthreats, according to a group of experts.
The lack of an overarching cybersecurity doctrine inhibits the ability of the U.S. and its allies to work together and provides little deterrence for groups that attack the U.S., the experts said during an event to unveil a new book, "#Cyberdoc No Borders -- No Boundaries" at the Potomac Institute for Policy Studies, a technology and science think tank.
Without a doctrine defining the U.S government's response to cyberthreats, the U.S. will "lurch from crisis to crisis," said Timothy Sample, co-author of the book, and vice president at the Battelle Memorial Institute Special Programs Organization, another tech and science think tank.
A doctrine could define several aspects of cybersecurity, including defense against attacks, steps the U.S. will take to deter attacks and ways to safely use the Internet, said Michael Swetnam, co-author and CEO and chairman of the Potomac Institute. The authors wrote the book with the hope of opening a dialog on U.S. cybersecurity doctrine, he said.
The U.S. government needs to define what kinds of attacks it will respond to, added David Smith, director of the Potomac Institute Cyber Center. While U.S. officials say their networks are attacked thousands of times a day, phishing emails promising to share millions of dollars from a Nigerian bank may not qualify as national security threats worth responding to, he said.
But attacks leading to physical damage, or espionage that leads to large intellectual property losses, may require responses, Smith said. The U.S. government should be concerned with the sheer volume of economic espionage that happens during cyberattacks, he said.
"We're talking about a massive robbery of American intellectual property," he said. "We're basically funding the research and development for the People's Liberation Army and the armies of the Russian Federation and a few others. That's serious if that's what's really going on."
The U.S. needs to start thinking about measures to deter those kind of attacks, Smith added. "Deterrence works on a declaratory policy: 'If you do these things, we will do bad things to you,'" he said. "You don't have to be explicit: 'If you do this, we will do exactly that,' but you need to be pretty firm."
A U.S. doctrine should include the development of capabilities for a "full range" of deterrence, ranging from diplomacy to military options, Smith said.
Smith discounted concerns that it's hard to identify the attackers in many cases. Computer forensic methods work better than many people seem to think, he said, and investigators can also look for actions by a country or group outside of cyberspace to find clues.
- Mission Critical: Managing Mobile Applications & Content Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Planning for Mobile Success Many organizations are seeing clear and quantifiable benefits from the deployment of mobile technologies that provide access to data and applications any time,...
- The Challenges and Opportunities of Mobile Application Development Nearly all business users now demand mobile devices--their own or company-owned--along with anywhere access to corporate applications and data. What turns mobile devices...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Gov't Legislation/Regulation White Papers | Webcasts