San Francisco — If the United States found itself under a major cyberattack aimed at undermining the nation’s critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source.
The primary group responsible for analyzing the need for any cyber counterstrike is the National Cyber Response Coordination Group (NCRCG). The three key members of the NCRCG, who hail from the US-CERT computer-readiness team, the Department of Justice and the Defense Department, this week described how they would seek to coordinate a national response in the event of a major cyber-event from a known attacker.
This week’s massive but unsuccessful denial-of-service (DoS) attack on the Internet’s root DNS, which targeted military and other networks, did not rise to the level of requiring response, but made the possibility of a massive Internet collapse more real than theoretical. Had the attack been successful there may have been a cyber counterstrike from the United States, said Mark Hall, director of the international information assurance program for the Defense Department and the Defense Department co-chair to the NCRCG, who spoke on the topic of cyber-response during the RSA Conference here.
“We have to be able to respond,” Hall said. “We need to be in a coordinated response.”
He noted that the Defense Department networks, subject to millions of probes each day, has “the biggest target on its back.”
But a smooth cyber-response remains a work in progress. The NCRCG’s three co-chairs acknowledge it’s not simple coordinating communications and information-gathering across government and industry even in the best of circumstances, much less if a significant portion of the Internet or traditional voice communications were suddenly struck down. But they asserted the NCRCG is “ready to stand up” to confront a catastrophic cyber-event to defend the country.
“We’re working with key vendors to bring the right talent together for a mitigation strategy,” said Jerry Dixon, deputy director for operations for the National Cyber Security Division at US-CERT. “We recognize much infrastructure is operated by the private sector.” The U.S. government has conducted cyber war games in its CyberStorm exercise last year and is planning a second one.
The third NCRCG co-chair, Christopher Painter, principal deputy chief at the Justice Department, said the cyber-response group also seeks to communicate with 50 countries around the world where monitoring for massive cybersecurity events go on as well. “Some of them have some of the same communications issues we have here,” he noted.
The Department of Homeland Security’s National Response Plan calls for coordination with a number of agencies, including the Department of Treasury, when the decision for a national response is made. So far, there has been no major cybersecurity event against the United States that has prompted the need for a national response.
The massive DoS attack attempt against the Internet’s root-servers this week, which specifically targeted military networks, raises the question whether the United States would ever respond with a counterattack.
“It’s the President’s call,” said Hall said, pointing out the recommendation for a counterattack would be passed to the chief executive via the U.S. Strategic Command in Omaha.
In the event of a massive cyberattack against the country that was perceived as originating from a foreign source, the United States would consider launching a counterattack or bombing the source of the cyberattack, Hall said. But he noted the preferred route would be warning the source to shut down the attack before a military response.
All the military services are preparing for military cyber-response, Hall pointed out.
Jim Collins, R&D engineer at the Air Force Information Operations Center, who also spoke on the need for network defense at a session at the RSA Conference, said the Air force is also gearing up for an offensive cyber capability.
“The Air Force hasn’t just been standing by,” he said, noting that in November, the Air Force added the mission to fight in cyberspace by creating a new Cyber Command.
“We’re standing up cyber-fighters to do network warfare,” Collins said. “Where we had pilots before, we’ll have fighters in cyberspace.”