Although most of the conflict-related cyber attacks taking place today appear to originate with nonstate actors, governments have been blamed for launching some of them. China especially is fingered, but the Kremlin was accused of being behind the Estonian assault. Whereas the Chinese and Russian protest attacks were most likely the work of patriotic hackers operating on their own, it is possible these governments supported their efforts, or at least turned a blind eye. Regardless, most major governments are developing a cyber warfare capability, though details remain closely guarded secrets. If there is a silver lining, it is that cyber warfare may produce fewer casualties than conventional conflict as well as damages that are more quickly repaired. Instead of bombing a telecommunications hub and killing those in the vicinity, the objective of disrupting enemy communications on the battlefield might also be achieved through a cyber attack. Although a cyber attack, say against a power generator or military communications hub, could lead to casualties, in the near term, at least, physical weapons are far more lethal.
Addressing the cyber attacks against U.S. targets has been a challenge. Clearly, we need to defend our networks and computers, but this is not a problem the government alone can solve any more than it can defend our homes and offices from burglars. Rather, it requires knowledge and diligence on the part of each of us, along with considerable support from industry, such as more secure software. Industry efforts such as Microsoft's Trustworthy Computing Initiative help, but much remains to be done.
Government can help in four areas: defending its own networks; establishing and enforcing the law in cyberspace; promoting security through regulation and incentives; and funding research and education in security. Of these, the U.S. government has most effectively met the latter objective, perhaps because it is the easiest to accomplish. It has also been successful creating cyberspace law, though enforcement has been problematic owing to the difficulty of tracing and investigating cyber attacks, especially when they cross international borders. Yet effective law enforcement is critical for deterrence.
As for defending its own networks, many government agencies continue to flunk security assessments or succumb to cyber attacks, so there is ample room for improvement. Although the government has helped promote security in the private sector, it has generally avoided regulation, which in the end may become necessary, at least for software that controls crucial infrastructural and life-critical systems.
The White House's Comprehensive National Cybersecurity Initiative, a multiagency, multiyear plan established in January by the U.S. Department of Homeland Security, may address some of these needs. The plan calls for the government to set up a National Cyber Security Center to coordinate and integrate information for protecting U.S. networks and promoting collaboration among federal cyber groups. The jury is still out, however, on whether the initiative will be up to the task of strengthening the nation's cyber security posture.
See what we're tweeting about
6 Comments
Add CommentWay to equate hackers with terrorism, and play into the fearmongering "law & order" policies of the right. That's all we need, a more regulated and restricted internet.
Reply | Report Abuse | Link to thisGreat article capsulizing the start of cyber attacks and the current situation. I have always thought that one day hackers would be bold enough, confident enough and powerful enough to take control of one of our country’s major infrastructures such as air control, electricity or the Internet. In fact, I've written a book about such a scenario where hackers take over the cell phone network and the power grid and hold the US hostage. You can read a sample of Dark End of the Spectrum at the publisher's website at http://www.lulu.com/content/3515824.
Reply | Report Abuse | Link to thisAnother problem is many corporations, organizations and governments do not admit they had been hacked for fear they will become open game to other hackers. It's one of America's best kept secrets and I have written a post on my blog regarding Business Week's cover article, E-spionage at http://aspnovelist.blogspot.com/2008/04/cyber-attacks-are-like-sex-no-one-wants.html
One of the things that hugely disappoints me about this magazine is how blatantly pro-Israel it is. Plenty of articles about radical Islam, CIA torture and virtual terrorism. Not a jot about Israel testing chemical and biological weapons on Palestinian civilians, or their illegal occupation or their flagrant disregard for human rights and international law. I ve never seen anything in the 5 years I ve been subscribing to this magazine. If anyone could prove me wrong please do.
Reply | Report Abuse | Link to thisIt is you who have issued the charges - it is you who must provide supporting evidence. Please provide a list or links to Scientific American articles that indicate a pro-Israeli bias, "articles about radical Islam, CIA torture and virtual terrorism."
Reply | Report Abuse | Link to thisOtherwise, desist from making such radical political charges! If you cannot provide supporting evidence then your charges must be dismissed.
Interesting article indeed. What is important is to keep the Internet free and secure at the same time. Our communication should be kept immune to interference to the highest possible extent. At the heart of this is the love for freedom, because there will always be someone savvy enough to disrupt a system. We should make the system the least vulnerable to the highest possible extent. A computer can crash without the intervention of a cracker and that is very disappointing.That is disappointing even for some of us that can assemble and disassemble a computer blindfolded. If electrons are not enough let's go for photons.If one path is disrupted let's make another thousand paths available, and so on.
Reply | Report Abuse | Link to thisI am curious as to the relationship which the US government (specifically DoD) maintains with the Internet. We all know that it started as a military project, under the US Department of Defense. Does the US government still maintain or have direct jurisdiction over any of the Internet's backbone infrastructure - either here or in other countries?
Reply | Report Abuse | Link to this