Cybersecurity: how preemptive cyberwar is entering the nation's arsenal
In addition to authorizing the use of cyberweapons, the White House is preparing an executive order to beef up cybersecurity for critical infrastructure, such as the electric grid, refineries, and telecommunications.
(Page 3 of 3)
Two key other architects of the cyberpolicy that has just emerged publicly were William Lynn III, a former deputy secretary of Defense, and the former vice chairman of the Joint Chiefs of Staff, Gen. James E. Cartwright, former head of the US Strategic Command. Both were central in helping set up US Cyber Command, Dr. Lewis says. General Cartright, who retired from service in August 2011, was well positioned to assist in the cyber review, joining the Defense Policy Board Advisory Committee two months later.Skip to next paragraph
Subscribe Today to the Monitor
Cartright has warned of the US need for better cyber preparedness. The Chinese, he told the US-China Economic and Security Review Commission in March 2007, are making “plans to use this type of capability in a military context.” He added, “I don’t think the [United States] has gotten its head around this issue yet, but I think we should start to consider that the regret factors associated with a cyberattack could, in fact, be in the magnitude of a weapon of mass destruction.”
"We're seeing plenty of signs that cyber deterrence hasn't worked," Dr. Lewis says. "If that doesn't work, well, then you have to preempt. This is where we see a potential attack, some planning going on, and we would be able to go in an stop it. Suppose we could turn off the attack computer the moment they pressed the key sequence. We could say: Well, we saw he was going to hit me and hit him first."
Another backdrop for the US authorization of the use of cyberweapons is the prospect that President Obama, in the absence of congressional action, will issue an executive order to require federal agencies to tighten regulations to bolster cyberdefenses at US critical infrastructure like the electric grid, refineries, and telecommunications.
What appears to be emerging, then, is an overlapping set of mandates to protect the US against attack. On a strategic level, the US has now authorized the use of cyberweapons. On a middle level, Internet service providers could also detect and mitigate an attack to some degree. Finally, the Department of Homeland Security is working to implement policies, presumably with sharper teeth under a coming executive order, to bolster defenses at the individual company level.
"What's happening is that all these mandates are really overlapping and to some degree connected," Dr. Kuehl says. "There's now a growing awareness that cyberspace is absolutely crucial to US national security – not just militarily, but societally. All these forces are gelling to protect the nation's critical infrastructure."