Crossroads Blog | CYBER SECURITY LAW AND POLICY

cyber attack, Cyber Command, Cyber Exploitation, Official Policy, warfare, White House

As cyber threat shifts, calls for clarity on U.S. policy: Washington Post

On October 11, 2011, Ellen Nakashima reported for the Washington Post on how there have been increasing calls for clarity on US cyber policy.  These calls for clarity have been prompted by a dramatic shift in the cyberthreat; whereas intruders previously aimed to steal information or spy on government networks, now intruders can destroy critical infrastructure and networks.  Current US policy places an “overriding emphasis” on denying an adversary the benefit of an attack by strengthening defenses.  The White House issued a declaratory policy that warned "We reserve the right to use all necessary means — diplomatic, informational, military and economic — as appropriate and consistent with applicable international law, in order to defend our nation, our allies, our partners, and our interests.”

However, experts like Gen. James E. Cartwright Jr., a prior vice chairman of the Joint Chiefs of Staff, believes that US cyber policy needs to be more explicit.  In considering a cyberpolicy, Gen. Cartwright envisioned  "a national strategy, like we had for nuclear weapons, which said, ‘OK, world, here’s how we’re going to hold you accountable, here’s what we’re going to do to you if you don’t behave right.'" General Cartwright believes that the adversary needs to know the United States has a variety of  conventional, strategic, and cyber options: “We don’t have to launch any of them. We could launch all of them….Until we see the attack, we don’t know which of these we’re going to use. But this is our menu. It’s pretty robust. And believe us, it’s going to hurt.”

Similarly, Dmitri Alperovitch, a security researcher, believes that “We need to start talking openly about our offensive capabilities in cyber and their readiness levels, just as we discuss our ballistic missile arsenals, Air Force or submarine fleets."  According to Alperovitch, ambiguity in US cyberpolicy is counterproductive. 

The source article can be found here.

Leave a Reply