Cyberwar Issues Likely to Be Addressed Only After a Catastrophe | Threat Level | Wired.com

Cyberwar Issues Likely to Be Addressed Only After a Catastrophe

When it comes to developing cyberwarfare policy, the United States will likely wait for a catastrophic event and then overreact, rather than plan ahead, said former intelligence chief Mike McConnell at the RSA Conference on Wednesday.

McConnell was pessimistic that Congress and the public would get its act together in time to debate and sort out all the questions that need to be answered about what constitutes cyberwar and how the government and private sector should respond when faced with incidents that fit the definition.

McConnell, former director of national intelligence and former director of the National Security Agency, was speaking on a panel that included former Secretary of Homeland Security Michael Chertoff, Bruce Schneier chief technology security officer at BT, and James Lewis, director and senior fellow of the technology and public policy program at the Center for Strategic and International Studies.

When it comes to defining cyberwar, Chertoff and McConnell say espionage and information theft don’t qualify, but destruction of data or systems do. Designating the latter as an act of war, however, would still depend on the scale and genesis of the attack.

“You could have a cyberattack that would be as consequential in terms of the economy, maybe even in terms of loss of life, as things we typically associate with war fighting,” Chertoff said.

But as Schneier pointed out, the genesis or source of an attack is the biggest unknown in any cyberincident. Judging an attack simply by its consequences creates problems, too, since an attack that causes destruction and looks like war could simply be an espionage attack gone unintentionally bad.

When moderator Lewis asked the audience which cyberincident they considered an act of war, the Google hack last year, believed to have originated in China, got a no, while the Stuxnet worm raised a lot of hands. Stuxnet, a superworm that spread in part via infected USB sticks and targeted a nuclear enrichment plant in Iran, is believed to have been created by the United States.

Stuxnet, he said, had to be considered in the same light we would view Israel’s evident bombing of a suspected nuclear facility in Syria in 2007.

“If one is war, the other one is,” he said. “And if one isn’t, the other one isn’t.”

Photo: Director of National Intelligence Mike McConnell, sitting, with left to right: Department of Energy Deputy Secretary Clay Sell, Chairman of Joint Chiefs of Staff General Peter Pace, State Department Deputy Secretary John Negroponte, Attorney General Alberto Gonzales, Department of Defense Secretary Robert Gates, and DHS Secretary Michael Chertoff. June 25, 2007 (Intelligence Community Photo)

Comments