The government of the USA was constituted “to provide for the common defense” among other things.[1] Unfortunately the line between public responsibility and private responsibility for defense in cyberspace could be rather blurry.
Clearly when there is warfare in the physical world the combatants are also likely to utilize cyber tactics of some sort, even if only for informational or propaganda purposes, but more likely as powerful tactics to take down their target’s ability to respond quickly or in a focused manner. Because governments aren’t really equipped to handle these types of attacks, which would include attacks against private infrastructure, not just government systems, they’d have to rely on private companies, individuals and groups — essentially private armies — to deflect or thwart any attack.
There are some problems inherent in cyber attacks that make any kind of defense really tricky:
* During a cyber attack against private or military targets online, one might not be able to determine whether the attacker is civilian, criminal or military;
* Online citizen militias (hackers motivated by patriotism) could be impossible to distinguish from organized military cyber-attackers;
* Collateral cyber-damage to (or the freezing of, or interference with) the economic mechanisms that make daily life possible could paralyze large areas if not whole countries; the idea that a government (say the President of the US under the proposed cybersecurity bill) could shut down key elements of the Internet for up to 120 days without legislative recourse[2], could be more dangerous than the attacks themselves;
* An ISP in any particular country (say the US, for example) might be conflicted about whether to allow a sudden flood of traffic to pass through its network to “attack” some foe, or whether to stop that flood in order to preserve its ability to serve customers—in fact the ISP probably wouldn’t be able to tell the difference;
In a sense, were someone to “shut off the Internet,” which proponents say S 3480 does not allow, it would be suicidal, since the defenders would also lose their ability to communicate with each other and to thwart any attack. Turning off the Internet would not only deny your opponent a playing field, but would deny defenders the ability to respond. And the collateral damage would be that all financial, manufacturing, transportation and other systems that depend on the net would also shut down
Lots of room for debate, but clearly governmental agencies and legislatures are beginning to think about the necessary means and the possible limits of their actions.
[1] We the People of the United States, in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defense, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity, do ordain and establish this Constitution for the United States of America.
[2] The Protecting Cyberspace as a National Asset Act of 2010; some fear that this bill provides a “kill switch” the President of the US could use to “turn off” the Internet;
[-] US Appoints first Cyberwarfare General in guardian.co.uk
[-] EU Committee in UK on protecting Europe against large-scale cyber-attacks
Leave a Reply