What cyber can learn from counterterrorism

The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Shutterstock image: breached lock.

U.S. policy on responding to malicious cyberattacks needs to draw on lessons of the counterterrorism fight since 9/11, says the outgoing assistant to the president for homeland security and counterterrorism.

Speaking at the Aspen Institute in Washington, Lisa Monaco said the U.S. has developed a whole set of tools and policy frameworks to counter the terrorism threat and those policies have become increasingly clear to adversaries.

"President Obama has been very clear about the importance of…having a legal and policy framework that is laid down and that is one that enables a repeatable process that we can discuss with our allies, with our partners, that we can use to great effect against terrorism threats," she said.

The challenge, Monaco said, is striking a balance between being transparent to that adversaries know they will face consequences for malicious acts without revealing too much about policies and actions that would enable adversaries to counter any actions.

"The same tension exists in the sense of it is important to be transparent for the legitimacy of our actions in the counterterrorism realm as I would argue in the cyber realm," she added. "So, we've got to do the same thing in the cyber realm, we've got to push to have repeatable processes, a framework."

Monaco argued that the U.S. has applied a consistent process in response to Russia's election-related hacking as well as hacks by China, Iran and North Korea.

That process was to "put all of our intelligence and information together…have the intelligence community tell us what it is we can say about that malicious cyber activity that is going to be in our national interest," she explained.

She said the U.S. has to make clear that it will impose consequences for attacks in cyberspace, but also needs to do so in a way that does not reveal the sources and methods used to determine who committed the attack.

Monaco hopes the new administration will keep in place Obama's Executive Order 13964, which originally outlined U.S. responses to significant malicious cyber incidents and was amended in December 2016 to allow for the sanctions against Russia in response to its interference in the election.

"We have the bar pretty high," on the use of sanctions, she said. "I think that's a good thing, but having that out there as a signal to not just the malicious cyber actors but other nation states as well as to where we're trying to set the bar, where we're trying to set the international norms, is important."