Tracing attack source key to cybersecurity strategy, Chertoff says

Former DHS chief talks of difficulties in creating a national deterrence plan

SAN FRANCISCO -- The difficult task of identifying the true sources of cyber attacks remains one of the biggest challenges in the development of a national cybersecurity strategy, former Department of Homeland Security Secretary Michael Chertoff told Computerworld in an interview at the RSA Security conference here today.

Chertoff, who is participating in a panel discussion at the conference, said there is a growing need for the U.S to create a strong, formal strategy for responding to cyberattacks against American interests.

Such a strategy would need to clearly articulate possible U.S. responses to attacks, which could include diplomatic and other tools.

Chertoff noted that by comparison, physical attacks are relatively easy to track down and respond to. "In the Cold War we could attribute an attack. It was clear where it came from and we could respond," he said.

Finding the source of cyber attacks, though, is far more complicated, he said. While investigators could find the physical systems from which an attack is launched, the owner of the systems could have nothing to do with the criminal activity.

Similarly, he said, it is very difficult for investigators to determine whether attacks are state-sponsored or are being carried out by individuals on their own.

Chertoff said that defense officials still have to determine specific potential responses to cyberattacks, which could include disconnecting attackers from the internet, using diplomatic tools or military action. "We haven't really laid down the rules of the road yet," he said. "It's challenging."

Chertoff's comments come amid growing calls for the U.S. to develop a clearly spelled out formal strategy for dealing with threats in cyberspace.

Recent attacks against Google and other companies from within China, along with dozens of similar attacks against numerous federal agencies in recent years have increased the call for developing a strong strategy.

For example, in a white paper published last month by the Cyber Secure Institute, General Eugene Habiger, a former commander of U.S. Strategic Command for nuclear and deterrence forces, said: "For deterrence to work, the threat of retaliation must be credible enough to alter the cost benefit analysis of our cyberadversaries.

Habiger acknowledged in the white paper that effective cyber attacks can be launched "just as easily from a Starbucks in our own nation's capital as a cave in Pakistan," making retaliation extremely difficult.

"Modestly sophisticated cyberattacks leave almost no trace, no return address," he said. "It becomes extremely to effectively retaliate when you cannot say with certainty who attacked you," he said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, send e-mail to or subscribe to Jaikumar's RSS feed .

Copyright © 2010 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon