On the heels of conducting an educational session at PSA-TEC in Colorado last month, I had the opportunity to travel to Washington, D.C. to attend the “State of the CyberSecurity Union” with Adm. Mike Rogers, director of the National Security Agency and U.S. Cyber Command, at The George Washington University.
During my session at PSA-TEC entitled, “Terrorists in Cyberspace – Ushering in a New Era in Cyber War,” I made references to several worst case scenarios, ranging from an unlikely hack and launch of nuclear weapons to poisoning the water supply by shutting down sewage valves and, of course, crashing the electric grid.
The most sobering comment that I gleaned from Adm. Rogers regarded the nation’s lack of cyber awareness and training. Of the 6,200 people that are engaged at U.S. Cyber Command, currently only 50 percent are capable of carrying out the full operational duties of its current mission. Essentially, current training measures are insufficient in core skills and knowledge to adequately prepare people to meet mission requirements.
While most of the conversation surrounded the recent court ruling of the NSA surveillance and bulk data collection activities being determined illegal, I believe that the focus and attention should be placed on providing incentives to would-be adversaries or “hackers” to leave us alone, and a call for joint cooperation and “truces” between intergovernmental and private organizations that exploit intellectual property and trade secrets.
Obviously, this is easier said than done. The U.S. is still reeling from the reputational damage created by the leaking of classified NSA and Department of Defense documents by Edward Snowden. Not only did these documents expose surveillance tactics and processes, but they also provided evidence that we collected surveillance on our allies. Germany, for example, has restricted information sharing with the U.S. except on grave intelligence matters and pulled sensitive government information from U.S.-owned and operated data centers worldwide.
This has come at a time when the nations needs the greatest level of cooperation and coordination with its allies as terrorist groups such as ISIS continue their propaganda and recruitment campaign over the “dark web.” Terrorists groups also now have the capability to use data encryption to secure electronic transmissions, making communications more difficult for NSA to crack. Apple and Google have both publicly commented that they will not provide backdoor access to NSA or any other government agency without court orders.
Cyber is probably the cheapest and most virulent means of warfare today. With an inexpensive computer and an internet connection, a skilled individual with access to tools of varying sophistication can infiltrate and attack a computer with very little knowledge or training.
Alternatives to Cyber War
Although President Obama said in 2015 that “military response to cyber war was not out of the question,” it seems very difficult to pinpoint specifically who launches a cyber-attack as more nation state actors are becoming very effective at either hiding their tracks or using botnets and infected machines from remote locations to launch attacks at the U.S.
I also believe that we should enact more stringent punishment for those found guilty of computer crime and state-sponsored hacking. Recent cyber legislation only deals with international crime and not cyber war.
We should also take a look at an alternative perspective of incentives for not exploiting computer networks for terrorism and criminal activities. If the U.S. could forge an armistice agreement to end cyber-attacks and call for a “cessation” for a specific period of time, international negotiations could take place to appropriately address the global state of cybersecurity and set rules and limits on engagement similar to the Geneva Convention in regulating the rules of combat and protecting individuals outside of a combat zone.
The cost savings from investments in cyber network defense could and should be used to rebuild and strengthen the U.S. physical infrastructure which is already in decay, and address many of the domestic issues facing our nation.
Source: Security Info Watch