Infosecurity

US cyber warfare policy under attack

By Robin Hicks | 4 May 2009

A study by the National Research Council has criticised the United States government for lacking a comprehensive policy on how and when will engage in cyber warfare against other nations.

View photos

Related Articles

• US cybersecurity guidlines under attack
• US and Korean govts hit by cyber attacks
• US leads the world in internet attacks

Related Categories

• INFOSECURITY

From this Section

• NEWS

The US government should engage in a national dialogue on cyber attacks, the study found.

It also pointed out that the US government lacks a person or office to coordinate cyber attacks, and agencies making attacks should regularly brief the US Congress about their efforts.

The National Research Council is a nonprofit organisation that put together a panel of military, diplomatic, legal and IT security experts to conduct the study.

It concluded that the US government’s current policy and legal framework on the use of cyber attacks was “ill-informed, undeveloped and highly uncertain.”

The US military is developing cyberwarfare capabilities and may have already used them, and US intelligence agencies also have the ability to penetrate computer networks, said Kenneth Dam, a former law professor who has in the past held senior positions in the US Departments of Treasury and State.

But those capabilities have been developed largely without public discussion about when cyberattacks are appropriate, he said.

The secrecy surrounding US cyber attack capabilities has impeded debate about the legal and ethical issues associated with cyberattacks and the consequences of such attacks, Dam said.

In many cases, a cyber attack will have a much larger effect than a destroyed computer or network, added William Owens, a retired Navy admiral and former CEO of Nortel Networks. An attack on some computers could cause the electric grid to shut down or a pipeline to stop working, causing widespread problems in the targeted country, he said.