Security Experts Say Secrecy Weakens US Policy on Cyberattack
LOS ALAMITOS, Calif., 17 August, 2009—The framework for US policy on cyberattacks is ill-formed, undeveloped, and highly uncertain, say computer security experts on the National Research Council’s Offensive Information Warfare committee. Will US Secretary of Defense Robert Gates’ recent announcement of a new cyber command at the National Security Agency change the culture of secrecy that fostered such poor policy?
In IEEE Security & Privacy magazine’s July/August issue, author Herbert Lin, who directed the Offensive Information Warfare committee’s study, says secrecy has crippled understanding and debate about the nature and implications of US cyberattacks for military, intelligence, and law enforcement purposes. As a result, there has been a dearth of public scrutiny and congressional oversight, and thus an increase in the likelihood that any US policy will be formulated with narrow parochial or short-term interests in mind—policy that’s needed before benign attacks become more serious.
“For too long,” Lin says, “the debate over cybersecurity has talked about strengthening the defenses of our computer systems and networks and using law enforcement tools to go after the bad guys attacking them. But the idea of using cyberattack weapons as an instrument of national policy—that is, cyberattack being used by the good guys—hasn’t been discussed much in public, although it’s certainly being discussed behind closed doors in Washington. It’s time for the topic to be aired publicly.”
Lin’s article, “Lifting the Veil on Cyber Offense,” calls for greater transparency when discussing cyberattack as an instrument of US policy. Such transparency will stimulate more public discussion about the appropriate role of cyberattack as an instrument of US policy—something that’s simply too important for the nation to discuss only behind closed doors.
IEEE Security & Privacy Magazine, published by the IEEE Computer Society, provides a combination of research articles, case studies, tutorials, and regular departments and columns for the information security industry. For more information, visit http://www.computer.org/security.
About the IEEE Computer Society
With nearly 85,000 members, the IEEE Computer Society is the world’s leading organization of computing professionals. Founded in 1946, and the largest of the 39 societies of the Institute of Electrical and Electronics Engineers (IEEE), the Computer Society is dedicated to advancing the theory and application of computer and information-processing technology. The Society serves the information and career-development needs of today’s computing researchers and practitioners with technical journals, magazines, conferences, books, conference publications, certifications, and online courses.