After Google-China dust-up, cyberwar emerges as a threat

The episode highlighted cyberthreats facing the U.S., but it's not a war -- yet

1 2 3 Page 3
Page 3 of 3

Other attacks, especially those from Eastern Europe, aim to steal money from banks, businesses, educational institutions and individuals. Most recently, cyberattacks have targeted small and midsize businesses, some of which have been forced out of business or into bankruptcy.

A nexus of bad guys

Increasingly, there appears to be a nexus between the groups committing cybertheft and those doing cyberespionage, said Amit Yoran, former director of the National Cyber Security Division of the DHS and current CEO of NetWitness Corp. Many of the botnets, servers, malware tools and techniques now used in cybercrime are also being used for espionage. "Where traditionally a [state-run] intelligence service would execute their own operations, now they have ties with organized crime," he said.

Those kinds of connections -- loose, fluid and constantly changing -- make fending off cyberattacks difficult. As a result, a successful strategic response means that the intelligence community, the U.S Secret Service, FBI and other law enforcement agencies have to start collaborating more, security analysts say. And more information-sharing between the private and public sectors needs to take place.

The vast majority of the critical infrastructure in the U.S. is owned by the private sector. But most companies have little or no information about the wealth of threat data being collected by intelligence and other government agencies, Titus said. If they're unaware of the threats, they may be vulnerable.

At the international level, moves like the proposal to create a U.N. cyber ambassador who can negotiate cybersecurity matters and articulate U.S. policy are crucial, Titus said. In fact, she wants the State Department to consider installing cyber attachés at U.S. embassies in key countries such as China, India and Russia. That way, the U.S government could quickly communicate with the appropriate authorities in other countries during a cybercrisis. It also gives U.S firms operating in countries such as India and China -- think Google -- a place to turn to immediately when a crisis flares, she said.

The government also needs to focus on continuous monitoring and situational awareness by creating an early-warning system that could sniff out attacks, said Karen Evans, former de facto federal CIO under the Bush administration. Getting a jump on an attack would allow government agencies to respond in a coordinated fashion, she said.

No national policy

Evans believes the time has come for the government to formalize a national policy for dealing with cyberthreats. Such a policy should clearly define the thresholds beyond which cyberattacks will be considered an act of war, establish who's in charge among the different federal agencies that would respond to a cyber crisis, and spell out when they are allowed to use that authority.

Few doubt that the U.S. Department of Defense and the NSA could launch crippling cyberoffensives of their own in response to a cyberattack. But a policy framework needs to be in place defining when such an offensive is appropriate, Yoran said. Whether that retaliation means a cyber-counteroffensive or a more conventional military one needs to be figured out as part of U.S. cyberpolicy before a crisis, Yoran said,

"Just as we would respond to a terrorist attack, there needs to be some sort of a response capability," Titus said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Copyright © 2010 IDG Communications, Inc.

1 2 3 Page 3
Page 3 of 3
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon