According to an EUOBSERVER article by Valentina Pop, dated October 5, 2010, the United States has proposed a NATO-wide "active cyberdefense" initiative as part of "a new Nato 'Strategic Concept.'" According to the article, reception to the proposal has been less than warm. Despite needing only a consensus to be adopted, the Strategic Concept faces tough opposition, due in large part to the Pentagon's "active cyberdefense" proposal.
The article quotes an unidentified diplomat as saying "[a]ctive cyberdefense is a very sensitive topic. Many experts have brought it up, that in order to have defense, you need offense as well. I would be very surprised if Nato at 28 will find consensus to include it."
The Pentagon's push for NATO-wide active cyberdefense comes as a result of 2008 attacks on the U.S. Military's "classified military network." The article paraphrases U.S. Deputy Secretary of Defense William J. Lynn as saying that "Passive defense systems are sufficient to meet 80 percent of attacks. But the other 20 percent need active systems, such as sensors that operare at network speed to detect and block intrusions."
The rationale for the U.S.'s push for NATO-based "active cyberdefense" is a recognition that "military networks cannot be safe unless other critical infrastructures, such as power grids and financial networks, are protected." The article mentions Stuxnet, a computer worm with a suspected origin in the U.S. The worm operates by exploiting non-military infrastructure systems, with the effect of reeking havoc on military systems. According to the article, "[o]ver 60 percent of reported Stuxnet cases are in Iran."
According to Deputy Defense Secretary Lynn:
"The Cold War concepts of shared warning apply in the 21st [C]entury to cyber security. Just as our air defenses, our missile defenses have been linked so too do our cyber [defenses] need to be linked."
Although European allies are looking to defend against "Estonia-type cyber strikes . . . they are showing little appetite for [the] U.S.-model 'preemptive cyber-strikes' on hostile countries or [organizations]." According to the article, those "Estonia-type cyber strikes" paralyzed bank and government websites in 2007.
The full text of the article can be found at the link above, or here.
Leave a Reply