Google-China Spat Sets Stage for Cyberwar
Those kinds of connections -- loose, fluid and constantly changing -- make fending off cyberattacks difficult. As a result, a successful strategic response means that the intelligence community, the U.S Secret Service, FBI and other law enforcement agencies have to start collaborating more, security analysts say. And more information-sharing between the private and public sectors needs to take place.
The vast majority of the critical infrastructure in the U.S. is owned by the private sector. But most companies have little or no information about the wealth of threat data being collected by intelligence and other government agencies, Titus said. If they're unaware of the threats, they may be vulnerable.
At the international level, moves like the proposal to create a U.N. cyber ambassador who can negotiate cybersecurity matters and articulate U.S. policy are crucial, Titus said. In fact, she wants the State Department to consider installing cyber attachés at U.S. embassies in key countries such as China, India and Russia. That way, the U.S government could quickly communicate with the appropriate authorities in other countries during a cybercrisis. It also gives U.S firms operating in countries such as India and China -- think Google -- a place to turn to immediately when a crisis flares, she said.
The government also needs to focus on continuous monitoring and situational awareness by creating an early-warning system that could sniff out attacks, said Karen Evans, former de facto federal CIO under the Bush administration. Getting a jump on an attack would allow government agencies to respond in a coordinated fashion, she said.
No National Policy
Evans believes the time has come for the government to formalize a national policy for dealing with cyberthreats. Such a policy should clearly define the thresholds beyond which cyberattacks will be considered an act of war, establish who's in charge among the different federal agencies that would respond to a cyber crisis, and spell out when they are allowed to use that authority.
Few doubt that the U.S. Department of Defense and the NSA could launch crippling cyberoffensives of their own in response to a cyberattack. But a policy framework needs to be in place defining when such an offensive is appropriate, Yoran said. Whether that retaliation means a cyber-counteroffensive or a more conventional military one needs to be figured out as part of U.S. cyberpolicy before a crisis, Yoran said,
"Just as we would respond to a terrorist attack, there needs to be some sort of a response capability," Titus said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at Twitter @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is firstname.lastname@example.org.