Commented November 4, 2009
Gopal is right on!! We need a collaborative global initiative to address this impending situation. H...
For the better part of the 20th century, America's greatest threat came from the expansionist strategies of Communism, with its values and aspirations so contradictory to our own free and open democratic society. At the heart of the conflict was the proliferation of nuclear arsenals and the horrific potential to kill millions with one strike. Baby boomers who were schoolchildren at the time remember the drills when they were instructed to hide under their desks in the event of an attack.
While nuclear proliferation is still a threat, America is beginning to recognize a sleeper threat of a different kind: the devastation that can result from the mass disruption of business communications and the workings of government through cyber attacks. As we reflect on the results of President Obama's 60-day Cyberspace Policy Review, policy makers and private-sector leaders need to come together to apply great effort and creativity in crafting safeguards against these vulnerabilities.
The series of apparently orchestrated attacks on U.S. Web sites in July -- directed at such critical entities as the Treasury Department, Secret Service, Federal Trade Commission and New York Stock Exchange -- is precisely why the U.S. should become a leader in thwarting cyber attacks on our national and international information infrastructure. In his May 29 remarks on securing the nation's information infrastructure, President Obama stated that "the status quo is no longer acceptable" and called our attention to the critical work ahead. To reiterate that point, last month Homeland Security Secretary Janet Napolitano emphasized how important the role of state and local governments will be in meeting today's cyber security threats and that "it is important to recognize that there is no international structure" where cyber crime is concerned.
The Cyberspace Policy Review has validated our understanding that it is not only corporate America that is now under siege, but the federal, state and local governments, private institutions and non-governmental organizations as well. Capable of wreaking a different sort of havoc, and easier to execute, today's menace comes from cyber security attacks on our most valuable assets -- the data and information that power our productivity and support the economy of the United States and the world.
That is why we must pool resources to focus on an all-encompassing national approach to defending our assets within the context of the new geopolitical realities of the digital world we live in. We need to apply all of our tools and our finest minds to harness our capabilities and competencies in the interest of protecting an infrastructure that supports our way of life. Just as ducking under desks would have done little to protect schoolchildren in the 1950s from a nuclear attack, simply hiding behind new software or the latest firewall will not protect us from tomorrow's range of cyber threats. We must do more.
To this end, the United States should take the lead in an international endeavor to address these threats; not only the risks to our own country but also the risks to our allies in free economies and open governments around the world. Every attack, regardless of its target, poses global dangers, due to the interconnections of digital infrastructure and networks as well as the interdependencies of national and regional economies, and imperils commerce and communications among all nations.
In the past, the doctrine of Mutually Assured Destruction acted as a deterrent to prevent a nuclear first-strike by either side. Both the United States and the Soviet Union knew that a strike would mean mutual annihilation. As a result, although the doctrine has not contained the spread of nuclear technology to rogue states, a nuclear weapon has not been detonated in military conflict since World War II.
We need to develop an analogous approach against these new dangers -- one that fends off the cyber anarchy envisioned by some nation-states and fringe borderless entities.
The G-20 Summit in Pittsburgh this month is an ideal forum to establish America's leadership in cyber security. It's important that the international community come together to answer some basic, foundational questions about cyber attacks as a tactic of warfare: Should attacks of a cyber-nature be condemned in the same manner as chemical and biological weapons? How should a country respond to a cyber attack from another nation-state? How should the international community respond to such an attack?
The potential for mass disruption to all aspects of social, economic and political workings of nations requires that the G-20 country CIOs who are responsible for policies, practices and management of the digital infrastructure in their respective jurisdictions be a part of this discussion.
By working together, perhaps it will be understood that a cyber attack against one country is an attack against all countries, justifying a response -- maybe even an international response. Time will tell if the international community will embrace as bold a deterrent as "Mutually Assured Survival in Cyber Space." Still, now is the time to develop a doctrine of accountability and consequences that will serve as a deterrent to nation-states and rogue entities and prevent levels of cyber warfare that could jeopardize international trade, our government services, our security, our corporate and business interests, and most important, our open, democratic way of life.
You may use or reference this story with attribution and a link to