As the world’s militaries increasingly move online America’s top generals are looking for creative ways to maintain their superior military advantage. There’s no functional equivalent of nuclear weapons in cyber space and this means coordinated efforts to stop online armies rather than high powered weapons systems.
“The US government must hone its offensive capabilities to electronically attack those who menace America’s interests” said the White House’s Cybersecurity Coordinator Michael Daniel, quickly adding global ground rules for cyber-war have to be worked out first. This is particularly tricky given it is often difficult to attribute an attacker to a specific nation or political faction.
President Obama signed an executive order On April 1st that looks likely to be part of the strategy going forward – no one size fits all solution, rather a host of penalties and response options for dealing with emerging cyber threats.
The President’s bill allows Uncle Sam to impose economic sanctions against people, or nation states, that threaten America using cyber attacks. Daniel, who is the special assistant to the President on cybersecurity matters, told the RSA conference in San Francisco that the US also needs ways to terminate enemies online.
“We need to have a larger toolset to go after what the bad guys are doing,” he said.
“The bar for that is set deliberately high. You’ve got to be posing a significant risk to the national security, the foreign policy, and the economic health of the US, and the disruptions you are causing have to reach a significant level. This is not a tool that’s going to be used on a daily basis for ordinary criminals, but to allow us to go after the worst of the worst.”
Ultimately though there is only so much the government can do on by itself. Daniel highlighted ways in which industries share information and resources to improve their products.
He then cited Underwriters Laboratories, an electrical goods safety testing center set up by the insurance industry to test household products, eyeing such an approach for testing equipment and software that is vital to national security industries using a private sector model. Prevention has always been the best way of dealing with cyber security issues and this trend will continue. The Pentagon recognizes that not only is preventative security effective but its also relatively cheap.
Part of that will require information sharing between government and industry, and Daniel said that Congress is progressing well on laws to help facilitate this.
Controversially Daniel mentioned the CISPA and CISA legislation that will come to a ‘vote’ this week, despite the fact the bills were authored by lobby groups with the intent to sue consumers who infringe intellectual property rights.
While the bills will nominally get a vote this week Daniel said the word in the White House is that both will pass without a problem.
“Our primary tools are not going to be military and intelligence tools for cyber-offense,” he said. “That’s because we are not the only ones that have that capability and we won’t be able to maintain an asymmetric advantage, and have to be prepared for other countries to do the same thing.”