Report: US cyber warfare needs oversight, debate

Apr 30, 2009 By LOLITA C. BALDOR , Associated Press Writer

(AP) -- Shrouded in secrecy, the U.S. government's policies on how and when to wage cyber warfare are ill-formed, lack adequate oversight and require a broad public debate, a new report by the National Research Council says.

The report warns that the "undeveloped and uncertain nature" of the government's policies could lead to them being used hastily and ill-advisedly during a crisis. That danger is compounded by secrecy and lack of oversight, the report's authors cautioned on Wednesday.

"Unsound policy formulated and implemented during crisis may prove difficult to change or reverse when the crisis has passed," concludes the report, the first to take a comprehensive look at American cyber war capabilities. The research council is the working arm of the National Academy of Sciences.

The U.S. government has spoken only broadly about cyber warfare in the past, noting its value as a tool. Officials routinely refuse to talk about computer attacks America has launched.

The 322-page report, prepared by an independent panel of academics and cyber security experts, comes as the Obama administration is on the verge of releasing its own review of the nation's .

That review, however, is expected to focus largely on defensive and administrative measures, including who will lead the nation's cyber effort, and how the government can better manage and use technology to protect everything from the to the stock market.

Officials have warned in recent months that the nation's computer and internet networks are at risk and are repeatedly probed by foreign governments, criminals or other groups.

U.S. offensive cyber war options could range from a more passive cyber intrusion such as listening in on a foe's communications to an attack that cripples an enemy's air defense systems to clear the way for a bomber attack.

A key challenge, however, may be determining who the enemy is, particularly if U.S. officials are considering a response to a cyber attack or intrusion against America.

Conducted from hundreds or thousands of miles away, a cyber attack can be over in a millisecond, with the press of a button. The perpetrator can be a single hacker looking to do mischief, a terrorist seeking to kill thousands, or a nation aiming to cripple the U.S. economy.

The council emphasized its call for greater public debate on the government's plans for cyber warfare, which to date has been clandestine. The council likened the need for further public airings to the debates that accompanied the use and testing of nuclear weapons more than 50 years ago.

"There needs to be a national debate, just as there was in the 1950s about nuclear weapons," said Kenneth W. Dam, co-chairman of the committee on offensive information warfare that put together the report. "The problem is, there is no national decision-making apparatus."

Earlier this month, Air Force Gen. Kevin Chilton, who heads U.S. Strategic Command, told reporters that the military has rules and procedures for cyber warfare, just as it does for armed conflict. He then declined to provide details, adding: "A good defense also depends on a good offense."

The Research Council's report warned that such secrecy surrounding the government's exploration of cyber warfare has "impeded widespread understanding and debate about the nature and implications of U.S. cyber attack."

It said that while the U.S. has highly developed and sophisticated capabilities to launch a cyber attack, it is difficult to determine the outcome of such a move compared to a traditional armed assault.

So far, said study director Herbert Lin, Americans have been focused more on defensive digital maneuvers - building firewalls, using anti-virus and other protective software and implementing safety procedures, such as the Pentagon's recent ban on the use of external computer flash drives.

Those efforts are important, he said. But he added that the U.S. cannot just continue to build bigger walls, particularly as cyber attacks grow and become increasingly easier to execute.

In its final recommendations, the report said the U.S. government must develop a clear decision-making process for cyber actions, require periodic accounting of cyber attacks at least in a classified form to those charged with oversight, and work with other nations around the world to establish a better legal and ethical framework for such attacks.

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Explore further: Ebola.com domain sold for big payout

add to favorites email to friend print save as pdf

Related Stories

US senators call for cybersecurity czar

Apr 01, 2009

Two US senators introduced legislation on Wednesday aimed at creating a powerful national cybersecurity advisor who would report directly to the president.

Pentagon spends $100 million to fix cyber attacks

Apr 07, 2009

(AP) -- The Pentagon spent more than $100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems, military leaders said Tuesday.

Baker College wins cyber defense contest

Apr 24, 2008

Baker College of Flint, Mich., Texas A&M University and the University of Louisville have won top honors in the National Collegiate Cyber Defense Competition.

US IT Systems Highly Vulnerable To Attack

Sep 08, 2005

Our nation's information technology infrastructure, which includes air traffic control systems, power grids, financial systems, and military and intelligence cyber networks, is highly vulnerable to terrorist and criminal ...

FBI survey finds cybercrime rising

Jan 24, 2006

Nearly nine out of 10 public and private institutions suffered computer security incidents in 2005, but less than 10 percent of those report the incidents to law enforcement, according to a FBI survey.

Recommended for you

Ebola.com domain sold for big payout

8 hours ago

The owners of the website Ebola.com have scored a big payday with the outbreak of the epidemic, selling the domain for more than $200,000 in cash and stock.

Facebook goes retro with 'Rooms' chat app

Oct 23, 2014

Facebook on Thursday released an application that lets people create virtual "rooms" to chat about whatever they wish using any name they would like.

User comments : 0