3Qs: The rules of cyber-engagement

March 6, 2013 by Jason Kornwitz
The Obama administration is reportedly close to approving the nation’s first set of rules for how the military can defend or retaliate against a major cyberattack, according to a report last month in The New York Times. Credit: Thinkstock

The Obama administration is close to approving the nation's first set of rules for how the military can defend or retaliate against a major cyberattack, according to a report last month in The New York Times. One such new rule would reportedly give the president power to order a pre-emptive strike if the U.S. detects a credible threat from a foreign adversary. Northeastern University news office asked William Robertson, an expert in detecting and preventing Web-based attacks and an assistant professor with dual appointments in the College of Engineering and the College of Computer and Information Science, to assess the potential policy and the growing cyberarms race.

Former Defense Secretary Leon E. Panetta has warned that a cyberattack from a foreign nation or extremist group could be equally as destructive as the terrorist attack of 9/11. What would a cyber-9/11 look like and how does the president's power to order a pre-emptive cyberstrike against a foreign adversary impact the chances of such an attack?

The term "cyber-9/11″ is quite clearly meant to conjure up imagery surrounding the nation's shock in reaction to the airliner hijackings of 2001. One between those attacks and an imagined cyber-9/11 is the element of surprise, where the attackers might very well execute an operation against the nation without advance detection. A strike against the nation's —such as the power distribution network or —could have far-reaching effects that harm or in some other way affect millions of Americans.

One can interpret the recent reported strategizing by the administration on the preemptive use of cyberweapons as a form of deterrence against would-be attackers, in much the same way that our nation's conventional military serves as a deterrent to potential adversaries. Given the history of alleged attacks against American assets by foreign actors located in China and Russia, it is quite possible that the recent decision to allow for preemptive cyberattacks is aimed squarely at nations such as these.

Unfortunately, only goes so far. It's unlikely to be effective against those adversaries that either do not anticipate experiencing great harm from a preemptive —for instance, if attack attribution is difficult or the attackers do not possess significant technological assets—or the attackers have sufficient motivations—e.g., religious or political—that they are willing to risk the consequences.

The Washington Post recently reported the Pentagon is planning to significantly expand the Defense Department's Cyber Command to counter attacks against the nation's computer networks and execute operations on foreign adversaries. From your vantage point as a co-principal investigator of a $4.5 million grant from the National Science Foundation to train the next generation of cyberdetectives, why is the federal government having such a difficult time finding and training qualified cyberspecialists?

One reason for the difficulty in recruiting cyberoperators is simply the scarcity of qualified labor. People with the necessary skills are few and far between, and this shortage is evident in both government and industry circles. A related difficulty is that not every candidate who possesses the requisite technical background has the temperament or inclination for these jobs. Both defensive and offensive roles are stressful and demanding, and as in the case of the conventional military, many choose career paths that do not involve these characteristics.

Another consideration is that convincing top talent to work in a state or federal role can be an uphill battle. Government is competing for a small pool of candidates that can quite easily command large salaries and benefits in the private sector, either by working for any number of established security companies or as freelance consultants.

According to reports, critics have suggested that contractors and consultants looking for a big payday are overstating the cyberthreats to the nation's critical infrastructure. Where should the potential for a catastrophic cyberattack rank on the federal government's list of security concerns?

In my opinion, preparation for catastrophic cyberattacks should be a top priority for government, in cooperation with industry. Those who work in security are all too aware of the fact that our systems are already being attacked, our data is already being exfiltrated, and our infrastructure has already been demonstrated to be "porous" at best. When you consider that bolstering our defenses against catastrophic attacks will also likely translate to a more secure posture against the low-intensity cybercold war that we are already experiencing, as well as stimulate the creation of new jobs and technologies, it would seem to be the forward-​​thinking direction to move.

Explore further: US military prepares new rules for cyber war: Panetta

Related Stories

US military prepares new rules for cyber war: Panetta

October 12, 2012

The United States faces a growing threat of a "cyber-Pearl Harbor" and has drafted new rules for the military that would enable it to move aggressively against digital attacks, Defense Secretary Leon Panetta said late Thursday.

Too much hysteria over cyber attacks: US experts

February 15, 2011

Overblown talk of full-on cyber war between nations fueled by recent attacks like the computer worm Stuxnet could hamper Internet security efforts, officials and experts warned Tuesday.

24,000 files stolen from defense contractor: Pentagon

July 15, 2011

A foreign intelligence service swiped 24,000 computer files from a US defense contractor in March in one of the largest ever cyberattacks on a Pentagon supplier, a top Defense Department official revealed on Thursday.

Destructive cyber attack inevitable: NSA chief

February 18, 2011

The US National Security Agency (NSA) chief on Thursday urged top computer security specialists to harden the nation's critical infrastructure against inevitable destructive cyber attacks.

US Senate in new cybersecurity push

February 15, 2012

US senators, warning of potentially catastrophic cyberattacks, introduced a bill Tuesday aimed at protecting critical infrastructure such as power, water and transportation systems.

Recommended for you

A not-quite-random walk demystifies the algorithm

December 15, 2017

The algorithm is having a cultural moment. Originally a math and computer science term, algorithms are now used to account for everything from military drone strikes and financial market forecasts to Google search results.

US faces moment of truth on 'net neutrality'

December 14, 2017

The acrimonious battle over "net neutrality" in America comes to a head Thursday with a US agency set to vote to roll back rules enacted two years earlier aimed at preventing a "two-speed" internet.

FCC votes along party lines to end 'net neutrality' (Update)

December 14, 2017

The Federal Communications Commission repealed the Obama-era "net neutrality" rules Thursday, giving internet service providers like Verizon, Comcast and AT&T a free hand to slow or block websites and apps as they see fit ...

The wet road to fast and stable batteries

December 14, 2017

An international team of scientists—including several researchers from the U.S. Department of Energy's (DOE) Argonne National Laboratory—has discovered an anode battery material with superfast charging and stable operation ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.