Crossroads Blog | CYBER SECURITY LAW AND POLICY

cyber attack, Cyber Exploitation

The Pervasive Cyberthreat That Goes Unchallenged: The Washington Post

On November 25th, 2011, the Washington Post ran an op-ed from Jack Goldsmith, a Harvard Law Professor and one of the founders of the blog Lawfare.  Mr. Goldsmith made some great points when he argued that the DOD's most recent report establishing the president's ability to use offensive cyberattack is kind of a paper tiger.  That report was meant to establish a US cyber deterrent, but in reality, it may have shown weakness in the US deterrence policy.  Mr. Goldsmith points out that the Pentagon can respond to "significant" cyberattacks, not necessarily the small-scale cyberattacks that the US faces every day.  These smaller cyberattacks are the ones that make off with our intellectual property and represent a "more pervasive" and "more serious national security threat."

Mr. Goldsmith goes on to say that the US government has been passive in the face of cyber exploitations because 1) the US engages in cyber exploitation itself and 2) "cyber exploitations do not violate international law, and thus would not justify a large-scale military response."  So where do we find ourselves?  The US can use offensive cyber weapons in the face of a significant cyberattack, but in reality, it's unlikely that any nation-state with the ability to carry out such a significant cyberattack has the cojones to do so.  Simultaneously, we're bleeding billions of dollars in intellectual property through cyber exploitation/espionage that we can't respond to.  In essence, Mr. Goldsmith finds that "the government has yet to threaten a response to the most common and currently damaging cyberthreats and has limited its public threats to low-probability, large-scale attacks."

After noting problems with attribution, Mr. Goldsmith suggests that the US government respond to these low-level cyberattacks through a mix of low-level retaliation, political and diplomatic sanctions, and my favorite: "publication of embarrassing secrets about foreign governments…"

 

Putin…like some of Vladimir Putin's old modeling photos.

Source: Public domain/Wikimedia Commons

Mr. Goldsmith's big point?  Cyber exploitation is a problem, and the US deterrence policy will lack teeth until the US government addresses it.

The source article can be found here.

Leave a Reply

cyber attack, Cyber Exploitation

The Pervasive Cyberthreat That Goes Unchallenged: The Washington Post

On November 25th, 2011, the Washington Post ran an op-ed from Jack Goldsmith, a Harvard Law Professor and one of the founders of the blog Lawfare.  Mr. Goldsmith made some great points when he argued that the DOD's most recent report establishing the president's ability to use offensive cyberattack is kind of a paper tiger.  That report was meant to establish a US cyber deterrent, but in reality, it may have shown weakness in the US deterrence policy.  Mr. Goldsmith points out that the Pentagon can respond to "significant" cyberattacks, not necessarily the small-scale cyberattacks that the US faces every day.  These smaller cyberattacks are the ones that make off with our intellectual property and represent a "more pervasive" and "more serious national security threat."

Mr. Goldsmith goes on to say that the US government has been passive in the face of cyber exploitations because 1) the US engages in cyber exploitation itself and 2) "cyber exploitations do not violate international law, and thus would not justify a large-scale military response."  So where do we find ourselves?  The US can use offensive cyber weapons in the face of a significant cyberattack, but in reality, it's unlikely that any nation-state with the ability to carry out such a significant cyberattack has the cojones to do so.  Simultaneously, we're bleeding billions of dollars in intellectual property through cyber exploitation/espionage that we can't respond to.  In essence, Mr. Goldsmith finds that "the government has yet to threaten a response to the most common and currently damaging cyberthreats and has limited its public threats to low-probability, large-scale attacks."

After noting problems with attribution, Mr. Goldsmith suggests that the US government respond to these low-level cyberattacks through a mix of low-level retaliation, political and diplomatic sanctions, and my favorite: "publication of embarrassing secrets about foreign governments…"

 

Putin…like some of Vladimir Putin's old modeling photos.

Source: Public domain/Wikimedia Commons

Mr. Goldsmith's big point?  Cyber exploitation is a problem, and the US deterrence policy will lack teeth until the US government addresses it.

The source article can be found here.

Leave a Reply