recommended reading

A Call for Cyber Diplomacy

Vectomart/Shutterstock.com

LAS VEGAS -- If the United States’ goal is peace and security in cyberspace, officials should think less about cyberwar and more about cyber diplomacy, a scholar from the Atlantic Council said on Thursday.

For all of the talk about lightning attacks that come out of nowhere and the often inscrutable language of experts, cyber conflicts at the national level tend to mirror traditional conflicts much more than you’d expect, Jason Healey, director of the council’s Cyber Statecraft Initiative said during the Black Hat security convention here.

By the time a major attack, say, against the U.S. financial system is being dealt with at the top levels of government, the stakes and strategies are very similar to a traditional national security crisis, said Healey, who was director for cyber infrastructure protection at the White House from 2003 to 2005.

“What’s happening here is not that different from a coup in Pakistan,” he said. On a tactical level, government responders will be calling up bankers and trying to help secure their servers rather than securing embassy staff. But, at a strategic level, the response should be similar, he said.

That means “the president needs to get on the phone with Mr. Putin,” or whichever leader is likely behind the attack, and figure out a way to make it stop, he said.

Healey was editor of the Atlantic Council book A Fierce Domain: Conflict in Cyberspace, 1986 to 2012. While individual cyberattacks may happen with lightning speed, large cyber conflicts such as Russia’s 2007 attacks on Estonia and the Stuxnet attack, reportedly launched by the U.S. against Iranian nuclear facilities, tend to unfold over time and allow for thoughtful decision-making by top leaders.

Cyber diplomacy, he argued, can also be strategic and thoughtful. Some of this diplomacy has taken place in multilateral contexts, he said, such as recent discussions about whether the laws of war apply in cyberspace. More often, it will happen in a bilateral context such as the recent agreement between the U.S. and Russia to install a cyber hotline.

(Image via Vectomart/Shutterstock.com)

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download

When you download a report, your information may be shared with the underwriters of that document.