U.S. government needs cybersecurity doctrine, experts say
A comprehensive doctrine could define how the U.S. government will respond to cyberattacks, book authors say
IDG News Service - The U.S. government needs a comprehensive doctrine addressing cybersecurity instead of the current patchwork of policies and agencies dealing with cyberthreats, according to a group of experts.
The lack of an overarching cybersecurity doctrine inhibits the ability of the U.S. and its allies to work together and provides little deterrence for groups that attack the U.S., the experts said during an event to unveil a new book, "#Cyberdoc No Borders -- No Boundaries" at the Potomac Institute for Policy Studies, a technology and science think tank.
Without a doctrine defining the U.S government's response to cyberthreats, the U.S. will "lurch from crisis to crisis," said Timothy Sample, co-author of the book, and vice president at the Battelle Memorial Institute Special Programs Organization, another tech and science think tank.
A doctrine could define several aspects of cybersecurity, including defense against attacks, steps the U.S. will take to deter attacks and ways to safely use the Internet, said Michael Swetnam, co-author and CEO and chairman of the Potomac Institute. The authors wrote the book with the hope of opening a dialog on U.S. cybersecurity doctrine, he said.
The U.S. government needs to define what kinds of attacks it will respond to, added David Smith, director of the Potomac Institute Cyber Center. While U.S. officials say their networks are attacked thousands of times a day, phishing emails promising to share millions of dollars from a Nigerian bank may not qualify as national security threats worth responding to, he said.
But attacks leading to physical damage, or espionage that leads to large intellectual property losses, may require responses, Smith said. The U.S. government should be concerned with the sheer volume of economic espionage that happens during cyberattacks, he said.
"We're talking about a massive robbery of American intellectual property," he said. "We're basically funding the research and development for the People's Liberation Army and the armies of the Russian Federation and a few others. That's serious if that's what's really going on."
The U.S. needs to start thinking about measures to deter those kind of attacks, Smith added. "Deterrence works on a declaratory policy: 'If you do these things, we will do bad things to you,'" he said. "You don't have to be explicit: 'If you do this, we will do exactly that,' but you need to be pretty firm."
A U.S. doctrine should include the development of capabilities for a "full range" of deterrence, ranging from diplomacy to military options, Smith said.
Smith discounted concerns that it's hard to identify the attackers in many cases. Computer forensic methods work better than many people seem to think, he said, and investigators can also look for actions by a country or group outside of cyberspace to find clues.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cyberwarfare White Papers | Webcasts