18 November 2016

Revealing Our Cyber Technology Puts It In The Hands Of Our Enemies



I write about directions in cloud, security and enterprise computing. 

Opinions expressed by Forbes Contributors are their own. 

This is a modal window.

We’ve seen some really crazy things in the past few months, many of them concerning and all of them spurring the question, “How the %$^& do we respond?” I don’t know the answers to most, but with the Democratic National Committee (DNC) email hack, the answer is pretty clear: We don’t do anything.

Revealing Our Cyber Technology

The DNC hack has made a lot of people mad and there’s been a lot of speculation swirling around who instigated it and what we do to retaliate. A few weeks ago, the Obama administration formally accused the Russian government. In a time of rising nationalism and now a clear attempt by another government to manipulate our political system, we’re hearing a battle cry from all sides: “It’s time to get tough on cyber.”

But what does that mean?

I argue that it means securing a good defense. We already have robust capabilities to defend our critical investments (our oil refineries and our power grids—I don’t consider election management systems to be “critical infrastructure” as Secretary of Homeland Security Jeh Johnson proposed in August, and which quickly got shot down). It’s always prudent to examine everything and ramp up the systems that protect us. But the more interesting question surrounds the offense. Most observers believe the U.S. has great capabilities—some say the most powerful cyber-attack capabilities in the world. Do we launch an offense to show the world?

The answer is no. It’s better for us to keep our capabilities under wraps and not use them as deterrence, but rather use them only when it’s really necessary. That means only when there is a clear and present danger—literally, an act of war. However, with cyber warfare, what constitutes an act of war will need to be re-defined, and that’s something that needs the attention of policy makers.

Without a clear definition for “act of war,” the decision of when the government should react is confusing, especially in the private sector. We’ve seen our adversaries attack us in domains that are clearly not part of the government, but that are very important to the economy—which many argue is the government’s responsibility. Attacks that impact our economy can be extremely disruptive—but what level of disruption should be considered an act of war and cause government intervention?

The DNC hack is a good example of a cyber-attack situation that would need to be assessed, since the DNC is a politically affiliated organization, not a wing of the federal government. People deciding this policy issue need to determine, for example, whether an attack on our electoral process constitutes an act of war. Should it? Does an attack on an individual user constitute an online crime or an act of war? The challenge for America going forward won’t be how to master cyber technology—it will be how to understand when it’s okay to use it and when not to use it. Policy, not technology, is the hardest part of this brave new world.

Revealing Our Cyber Technology Puts It In The Hands Of Our Enemies 

No comments: