The Cohen Group: News: Op-Eds: SOLUTIONS/FATA: What should Obama do about missile defense?


	Archives
	Op-eds

Op-eds

DefenseNews

22 August 2009

Building Cyberdeterrence
To Prevent Attacks, U.S. Needs a 'Cyber-Triad'
By Marc Grossman and Harry Raduege

Last month, America came under attack. On July 4, foreign adversaries launched a coordinated strike in cyberspace against U.S. government agencies from the Treasury Department to the Secret Service. It is still unclear who the ultimate source was, though North Korea is suspected.

This is not the first time our government's digital infrastructure has been attacked. The Defense, Homeland Security and Commerce departments and NASA have all suffered electronic intrusions from unknown foreign entities.

Our allies have suffered similar attacks. In 2007, Estonia came under a devastating cyberattack, with 5,000 e-mails per second overwhelming the computer systems of Estonian banks, ministries, parliament, newspapers and broadcasters, according to the Computer Crime Research Center. It is time the United States takes a page from the Cold War era and builds a cyber-triad to deter cyber assault.

As the U.S. grows more dependent on its information networks, cyberspace has become a battlefield where adversaries are launching virtual attacks of increasing sophistication. The same opponents who hack into our computers to steal data can implant viruses and malicious codes to shut down information systems and deprive our country of electricity, communications and financial services.

And one need only imagine the destruction if enemies broke into the military's "blue force" tracking system, which tells our commanders where friendly forces are located, and changed the designations so that we unknowingly attacked our own forces.

President George W. Bush's administration took important first steps to address this security challenge with its Comprehensive National Cybersecurity Initiative. President Barack Obama's administration is building on this effort.

In his first weeks in office, Obama ordered a comprehensive 60-day review to assess U.S. policies and structures for cybersecurity. And on May 29, the president announced a series of initiatives, including the establishment of a cybersecurity coordinator at the White House to orchestrate policy across the federal government.

Cyber deterrence must become a top priority for this new official. During the Cold War, we built a strategic triad of land, sea and airborne nuclear weapons that deterred an attack by weapons of mass destruction. In the digital age, we need a cyber-triad to deter attacks on our information networks using weapons of mass disruption.

The first leg of this new triad is resilience. During the Cold War, our adversaries knew that a nuclear first strike was futile, because if they hit our land-based missiles, we still had missiles at sea and in the air with which to retaliate. We must build similar resilience into our information systems so cyber adversaries know they cannot cripple the U.S. economy or military.

The second leg is attribution. As last month's attack demonstrates, it is difficult to identify the ultimate source of cyberattacks. In the future, we might be able to trace a cyberattack on America to Europe without realizing that it came from a computer that had been surreptitiously taken over by the Chinese military or North Korea.

If foreign enemies can attack our information networks without fingerprints, they can attack without consequences, and that means they cannot be deterred.

The third leg is offensive capabilities. Our enemies must know that America can launch counterstrikes that can cripple their information networks if they threaten ours.

Unlike nuclear deterrence, cyber deterrence cannot be undertaken by government alone. We need to involve the general public. Today, a significant number of home computers in our country have no firewall or anti-virus software installed. Cyber criminals exploit these vulnerabilities to secretly take over and remotely operate millions of computers, turning them into "bots" for cybercrime and cyberattacks.

One Internet provider is currently tracking 65 million computers worldwide that have been taken over in this way. We need a public information campaign, on par with the Y2K campaign, to encourage every American with a computer to get a firewall - now.

We need to involve private industry, which owns 85 percent of the U.S. information infrastructure. Businesses worldwide lost up to $1 trillion in data through cyber espionage last year, according to McAfee projections, an unparalleled loss of intellectual property.

Finally, we need to involve the international community. Cyber-space has been described as the fifth domain, after land, sea, air and space. We have international agreements governing cooperation and conduct in each of the other four; time has come to do the same in the cyber domain.

With some 1.5 billion people around the world online, cyber-space has become an engine of economic growth, but it is also a growing source of vulnerability. Unlike the Cold War, our adversaries don't need nuclear weapons to attack us. All they need is a laptop and an Internet connection.

To preserve our way of life in the digital age, we must summon the will and the resources to meet this challenge.

Ambassador Marc Grossman is a vice chairman of The Cohen Group and former undersecretary of state for political affairs, and retired Gen. Harry Raduege is a senior counselor at The Cohen Group and chairman of the Deloitte Center for Network Innovation who served as co-chair of the CSIS Commission on Cybersecurity for the 44th Presidency.

Top