Skip Links

Panel calls for national dialog on gov't cyberattacks

The U.S. government lacks a comprehensive policy about cyberattacks, a group says

By Grant Gross, IDG News Service
April 29, 2009 04:50 PM ET
  • Print
. What's this?

The U.S. needs to engage in a national dialog about its government's use of cyberattacks against other nations, and the government lacks a comprehensive policy about how and when it will engage in cyberwarfare, a new study said.

The U.S. government also lacks a person or office to coordinate cyberattacks, and agencies making attacks should regularly brief the U.S. Congress about their efforts, said the report, from a panel of military, diplomatic, legal and IT security experts assembled by the National Research Council, a nonprofit organization that provides policy advice to the U.S. government.

The U.S. government's current policy and legal framework on the use of cyberattacks is "ill-informed, undeveloped and highly uncertain," the report said. The U.S. government has no comprehensive policy on how to respond to cyberattacks or how it will use cyberattacks, said the report, released Wednesday.

The U.S. military is developing cyberwarfare capabilities and may have already used them, and U.S. intelligence agencies also have the ability to penetrate computer networks, said Kenneth Dam, a former law professor who has in the past held senior positions in the U.S. Departments of Treasury and State. But those capabilities have been developed largely without public discussion about when cyberattacks are appropriate, he said.

Related Content

The secrecy surrounding U.S. cyberattack capabilities has impeded debate about the legal and ethical issues associated with cyberattacks and the consequences of such attacks, Dam said.

In many cases, a cyberattack will have a much larger effect than a destroyed computer or network, added William Owens, a retired Navy admiral and former CEO of Nortel Networks. An attack on some computers could cause the electric grid to shut down or a pipeline to stop working, causing widespread problems in the targeted country, he said.

"When you attack a computer, it's not just attacking a computer, it's obviously attacking everything that computer serves," Owens said.

Representatives of the U.S. Air Force and the U.S. Director of National Intelligence, two organizations involved in cyberattacks and defense, didn't immediately respond to a request for comment on the report.

The U.S. government doesn't seem to have a policy about when it will use cyberattacks and what response it will take when another country attacks its computer networks, Owens said. That's why public debate is needed, he added.

Cheap tools for attacking computer networks are easily available, and it's likely that the U.S. government will continue to face serious cyberattacks well into the future, Owens added. "Enduring unilateral dominance of cyberspace is neither realistic or achievable by the United States," he said.

The report distinguishes between cyberattacks and cyberexploitation. It defines cyberattacks as efforts intended to damage or cripple computers and networks, while cyberexploitation is a stealthy effort intended to compromise information held on computers. The report largely focuses on cyberattacks.

The IDG News Service is a Network World affiliate.

  • Print
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed