Deterring adversaries from attacking U.S. networks starts with shared terminology.
Even the experts are stumped on how to answer society’s most pressing cyber questions. Martin Libicki, senior management scientist for the Rand Corporation, and Vincent Manzo, a researcher at the National Defense University’s Institute for National Strategic Studies, sat down at a Government Executive Media Group event on Thursday to hash out the unknowns.
Active defense. It’s a term the Pentagon and policy analysts often throw out to describe the U.S. military’s strategy in cyberspace. What does it mean?
“It’s kind of difficult to talk about because not everybody has the same definition of active defense,” Libicki said. The term seems to cover the spectrum between software that scans for viruses without breaching any systems -- and tools that defend against an oncoming cyberattack by disrupting the adversary’s network.
In the middle would be hacking into a server to protect data that someone may have stolen or be trying to steal. This may be how the United States in late 2009 concluded that files at Google and at least 20 other companies had been breached by a computer in China. “My guess is we didn’t call up the guy who owns the server and say ‘do you have my files?’ My guess is that someone hacked the system,” Libicki said.
Global cyber war treaty. Cyber now is a military domain, like land, sea, air and outerspace. So what should be the law of war in cyberspace? Again, the answer is a range of possibilities:
“It’s going to have to start bilaterally,” Manzo said. For example, the United States and China could mutually accept that, during war, one nation may attack the other with tactical cyber capabilities, while keeping certain civilian systems off limits, such as, perhaps, hospital databases. “Mutual deterrence is feasible based on mutual vulnerability,” he said.
Down the road, “international consensus would be great and it’s a good long term goal,” Libicki said.
Sequestration. America is on the verge of suffering automatic, across-the-board defense spending cuts, due to congressional inaction. How will this budget hacking affect military network security?
Answer: Nobody knows.