LAS VEGAS -- If the United States’ goal is peace and security in cyberspace, officials should think less about cyberwar and more about cyber diplomacy, a scholar from the Atlantic Council said on Thursday.
For all of the talk about lightning attacks that come out of nowhere and the often inscrutable language of experts, cyber conflicts at the national level tend to mirror traditional conflicts much more than you’d expect, Jason Healey, director of the council’s Cyber Statecraft Initiative said during the Black Hat security convention here.
By the time a major attack, say, against the U.S. financial system is being dealt with at the top levels of government, the stakes and strategies are very similar to a traditional national security crisis, said Healey, who was director for cyber infrastructure protection at the White House from 2003 to 2005.
“What’s happening here is not that different from a coup in Pakistan,” he said. On a tactical level, government responders will be calling up bankers and trying to help secure their servers rather than securing embassy staff. But, at a strategic level, the response should be similar, he said.
That means “the president needs to get on the phone with Mr. Putin,” or whichever leader is likely behind the attack, and figure out a way to make it stop, he said.
Healey was editor of the Atlantic Council book A Fierce Domain: Conflict in Cyberspace, 1986 to 2012. While individual cyberattacks may happen with lightning speed, large cyber conflicts such as Russia’s 2007 attacks on Estonia and the Stuxnet attack, reportedly launched by the U.S. against Iranian nuclear facilities, tend to unfold over time and allow for thoughtful decision-making by top leaders.
Cyber diplomacy, he argued, can also be strategic and thoughtful. Some of this diplomacy has taken place in multilateral contexts, he said, such as recent discussions about whether the laws of war apply in cyberspace. More often, it will happen in a bilateral context such as the recent agreement between the U.S. and Russia to install a cyber hotline.