Saturday, April 5, 2014

Today's Cold War is Cyber

What happens when the government of China or North Korea attacks the US?
You'd expect retaliation similar to 9/11 or Pearl Harbor.

What if the goal of the attack isn't to directly harm the US government, but rather a specific business, say, a bank? And, what if it's not a physical attack (with atoms) but, rather, a cyber attack (with electrons)? In this case, since attribution for the attack is difficult, a response can be dicey.

While not an act of terrorism, a cyber attack is similar to terrorism in that it's asymmetrical.

DIME on PMESII 

As I wrote three years ago, defenders in the cyber world do not have the advantage they have in the real world. About ten years ago I studied DIME on PMESII at the Joint Forces Command. When a government wants to impose their will on another less-than-friendly government they have options other than military attacks or spying. Specifically, the actions they can take in irregular warfare are diplomatic, informational, military and/or economic (DIME). Cyber attacks definitely fall under the informational.

U.S. Response

Let's say the NSA discovered, hypothetically, that the government of China was behind the cyber attack that compromised millions of Target's credit cards. How would the United States respond to these attacks? NPR's Fresh Air covered this topic in depth a few days ago. But, the bottom line is, in the name of a proportional response, a counterattack would probably be just as undetectable as the initial offensive. After all, it wasn't a direct attack against the U.S. government or the Constitution, nor was anyone harmed or equipment damaged.

Is it time for commercial ventures to do more than simply provide defensive options?



Author: Joe Moreno

No comments: