Modern field guide to security and privacy

Opinion: Will 2015 be the year we shoot back in cyberspace?

After the Sony hack, here are some recommendations for when President Obama should authorize firing back to disrupt Russian or Iranian cyberattack campaigns.

Reuters/File
The chiefs of US branches of the military gathered for a Senate Armed Services Committee hearing in May 2014.

This could easily be the year the White House approves a Department of Defense counterattack to disrupt an ongoing cyberattack on a US company.

It has been US policy since 2003 that “the US response need not be limited to criminal prosecution [and] reserves the right to respond in an appropriate manner.” 

Statements by the White House and military leaders have only become stronger since. For example, when he was head of US Cyber Command, Gen. Keith Alexander testified to Congress in 2012 that “any actor threatening a crippling cyberattack against the United States would be taking a grave risk.”

Still, despite the bluster and stated range of policy options, such retaliation hasn't happened – yet. 

After the incredibly dangerous and sophisticated US Stuxnet attack on the Iranian nuclear enrichment program, few nations can doubt the US capabilities to conduct such a counteroffensive. But the last few years of attacks without a military response may give them reason to doubt the US willingness to do so.

The idea of US reticence on counterattacks will strike some observers (say, in Germany or Silicon Valley) as not fitting the facts. But in reality, the eagerness to use cyberspace for spying and covert action is not matched by hawkishness to counter such actions against the US.

Given the North Korean dismantling of Sony Pictures (and have no doubt, Kim Jong-un's online brigades were responsible) the White House is probably sorry they didn’t take a stronger stand against the Iranian attacks on US banks in 2011 and 2012.  

These attacks – which only affected individual banks – were not devastating to the financial sector as a whole, so they were allowed to continue with little official response. Despite repeated requests from the banks under attack, the US government provided no digital bailout (the words “moral hazard” were sometimes used), and it was left up to banks to defend themselves.

In the aftermath of the incidents, the US government never called out Iran specifically and the White House didn’t authorize US Cyber Command to disrupt the computers coordinating and carrying out the attack. The government was possibly self-deterred because of ongoing negotiations with Iran or a perceived lack of legitimacy after Stuxnet was revealed.

Perhaps, if the US had taken a more muscular stand, North Korea might have had second thoughts, though that might be asking too much of that particular regime. At least the military would have had some practice in how to respond to nation state disruptive attacks.

It is no surprise, on the other hand, that there was no outgoing cyberfire to suppress the Sony assault. The worst damage was done as soon as the attack became apparent, with all the information already stolen, while the most likely targets to retaliate against were located in China. There’s no way the US would take that shot for such limited gains.

We might not have to wait so long for the next state-sponsored disruptive attack, and it may be far more dangerous. Russian President Vladimir Putin perceives a deep conflict with the West and if his economic back is against the wall, he may unleash a just-deniable-enough attack, covering the West in flagless “little green bytes” so that we feel concomitant economic pain.  

Iran might also feel it has little to lose and much to gain if the nuclear talks fail. Should talks break down and Congress take action, the ratcheting of sanctions (and the possibility of military strikes) could entice them to lash out in cyberspace.

Either Russia or Iran would present a far more dangerous adversary than North Korea was against Sony. That was a one-off attack on noncritical infrastructure, while Russia and Iran would almost certainly bring a full campaign of attacks, a string of Sonys, but directed against more economically important targets.

Post-Sony, it is likely the White House will feel compelled to support US companies by authorizing the Pentagon to at least disrupt the incoming attack. In fact, US Cyber Command is already organizing teams for exactly that mission and you can bet they will be chomping at the bit.

Prior to that day, the National Security Council will need a decision matrix on when to authorize a counterattack to disrupt a foreign nation’s disruptive attacks against US entities. 

Such a matrix must incorporate at least the following criteria:

  1. Criticality of the target to the US economy, security and society;
  2. Possible impact of a successful attack (for example, attacks on a bank’s trading system are in a far different class than attacks on its websites);
  3. Likely identity of the attacking nation;
  4. Geopolitical context, especially if a counterattack will cause further escalation;
  5. Likelihood a counterattack will cause collateral harm either in the adversary nation or in bystander nations; and of course,
  6. Likelihood that a counterattack would succeed.

Nations are increasingly choosing to actively fight in the grey space between all-out war and true peace. The scope, duration, and intensity of cyberconflicts have consistently increased for over two decades. 

US counterattacks might be just the thing to raise the costs for adversaries who feel they can attack US companies with impunity. Of course, it might also spur on others to counterattack against our own cyberoperations and continue the spiral of escalation.

Planning for the next, more dangerous Sony is the first step towards ending up on the best side of that equation.

Jason Healey is the director of the Cyber Statecraft Initiative of the Atlantic Council and editor of the first history of cyber conflict, "A Fierce Domain: Cyber Conflict, 1986 to 2012." You can follow his thoughts and analysis on cyberissues on Twitter @Jason_Healey.

 
