Report: US cyber warfare needs oversight, debate

Apr 30, 2009 By LOLITA C. BALDOR , Associated Press Writer

(AP) -- Shrouded in secrecy, the U.S. government's policies on how and when to wage cyber warfare are ill-formed, lack adequate oversight and require a broad public debate, a new report by the National Research Council says.

The report warns that the "undeveloped and uncertain nature" of the government's policies could lead to them being used hastily and ill-advisedly during a crisis. That danger is compounded by secrecy and lack of oversight, the report's authors cautioned on Wednesday.

"Unsound policy formulated and implemented during crisis may prove difficult to change or reverse when the crisis has passed," concludes the report, the first to take a comprehensive look at American cyber war capabilities. The research council is the working arm of the National Academy of Sciences.

The U.S. government has spoken only broadly about cyber warfare in the past, noting its value as a tool. Officials routinely refuse to talk about computer attacks America has launched.

The 322-page report, prepared by an independent panel of academics and cyber security experts, comes as the Obama administration is on the verge of releasing its own review of the nation's .

That review, however, is expected to focus largely on defensive and administrative measures, including who will lead the nation's cyber effort, and how the government can better manage and use technology to protect everything from the to the stock market.

Officials have warned in recent months that the nation's computer and internet networks are at risk and are repeatedly probed by foreign governments, criminals or other groups.

U.S. offensive cyber war options could range from a more passive cyber intrusion such as listening in on a foe's communications to an attack that cripples an enemy's air defense systems to clear the way for a bomber attack.

A key challenge, however, may be determining who the enemy is, particularly if U.S. officials are considering a response to a cyber attack or intrusion against America.

Conducted from hundreds or thousands of miles away, a cyber attack can be over in a millisecond, with the press of a button. The perpetrator can be a single hacker looking to do mischief, a terrorist seeking to kill thousands, or a nation aiming to cripple the U.S. economy.

The council emphasized its call for greater public debate on the government's plans for cyber warfare, which to date has been clandestine. The council likened the need for further public airings to the debates that accompanied the use and testing of nuclear weapons more than 50 years ago.

"There needs to be a national debate, just as there was in the 1950s about nuclear weapons," said Kenneth W. Dam, co-chairman of the committee on offensive information warfare that put together the report. "The problem is, there is no national decision-making apparatus."

Earlier this month, Air Force Gen. Kevin Chilton, who heads U.S. Strategic Command, told reporters that the military has rules and procedures for cyber warfare, just as it does for armed conflict. He then declined to provide details, adding: "A good defense also depends on a good offense."

The Research Council's report warned that such secrecy surrounding the government's exploration of cyber warfare has "impeded widespread understanding and debate about the nature and implications of U.S. cyber attack."

It said that while the U.S. has highly developed and sophisticated capabilities to launch a cyber attack, it is difficult to determine the outcome of such a move compared to a traditional armed assault.

So far, said study director Herbert Lin, Americans have been focused more on defensive digital maneuvers - building firewalls, using anti-virus and other protective software and implementing safety procedures, such as the Pentagon's recent ban on the use of external computer flash drives.

Those efforts are important, he said. But he added that the U.S. cannot just continue to build bigger walls, particularly as cyber attacks grow and become increasingly easier to execute.

In its final recommendations, the report said the U.S. government must develop a clear decision-making process for cyber actions, require periodic accounting of cyber attacks at least in a classified form to those charged with oversight, and work with other nations around the world to establish a better legal and ethical framework for such attacks.

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Explore further: Turkey still hopes Twitter will open local office

add to favorites email to friend print save as pdf

Related Stories

US senators call for cybersecurity czar

Apr 01, 2009

Two US senators introduced legislation on Wednesday aimed at creating a powerful national cybersecurity advisor who would report directly to the president.

Pentagon spends $100 million to fix cyber attacks

Apr 07, 2009

(AP) -- The Pentagon spent more than $100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems, military leaders said Tuesday.

Baker College wins cyber defense contest

Apr 24, 2008

Baker College of Flint, Mich., Texas A&M University and the University of Louisville have won top honors in the National Collegiate Cyber Defense Competition.

US IT Systems Highly Vulnerable To Attack

Sep 08, 2005

Our nation's information technology infrastructure, which includes air traffic control systems, power grids, financial systems, and military and intelligence cyber networks, is highly vulnerable to terrorist and criminal ...

FBI survey finds cybercrime rising

Jan 24, 2006

Nearly nine out of 10 public and private institutions suffered computer security incidents in 2005, but less than 10 percent of those report the incidents to law enforcement, according to a FBI survey.

Recommended for you

White House updating online privacy policy

57 minutes ago

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to, mobile apps and social media sites. It also clarifies that ...

Net neutrality balancing act

20 hours ago

Researchers in Italy, writing in the International Journal of Technology, Policy and Management have demonstrated that net neutrality benefits content creator and consumers without compromising provider innovation nor pr ...

Twitter rules out Turkey office amid tax row

Apr 16, 2014

Social networking company Twitter on Wednesday rejected demands from the Turkish government to open an office there, following accusations of tax evasion and a two-week ban on the service.

How does false information spread online?

Apr 16, 2014

Last summer the World Economic Forum (WEF) invited its 1,500 council members to identify top trends facing the world, including what should be done about them. The WEF consists of 80 councils covering a wide range of issues including social media. Members come ...

User comments : 0

More news stories

Venture investments jump to $9.5B in 1Q

Funding for U.S. startup companies soared 57 percent in the first quarter to a level not seen since 2001, as venture capitalists piled more money into an increasing number of deals, according to a report due out Friday.

White House updating online privacy policy

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to, mobile apps and social media sites. It also clarifies that ...

Hackathon team's GoogolPlex gives Siri extra powers

( —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Scientists tether lionfish to Cayman reefs

Research done by U.S. scientists in the Cayman Islands suggests that native predators can be trained to gobble up invasive lionfish that colonize regional reefs and voraciously prey on juvenile marine creatures.

Leeches help save woman's ear after pit bull mauling

(HealthDay)—A pit bull attack in July 2013 left a 19-year-old woman with her left ear ripped from her head, leaving an open wound. After preserving the ear, the surgical team started with a reconnection ...