Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How should the U.S. respond to state-sponsored cyberattacks?

Kenneth Corbin | July 30, 2015
It's no secret that U.S. government agencies and businesses are the target of around-the-clock cyber intrusions, many carried out by or at the behest of foreign nation-states.

uscyberattacks ts

It's no secret that U.S. government agencies and businesses are the target of around-the-clock cyber intrusions, many carried out by or at the behest of foreign nation-states.

But how exactly should the feds respond to those incursions?

Ask a random sample of Americans and you'll likely get a very different answer than if you polled the State Department.

In a recent flash survey of more than 1,000 U.S. adults commissioned by the security vendor Vormetric, a quarter of the respondents said that the United States should cut off all ties to any nation responsible for compromising U.S. government data.

In practice, of course, it is much more complicated than that. In the recent breach of the Office of Personnel Management, information about more than 21 million current, former and potential government employees was exposed in an attack widely believed to have been carried out by hackers working on behalf of the Chinese government.

But no direct public accusation against the Chinese has come from President Obama or any other top administration official, and the suggestion of cutting off ties with China is about as likely as the sun rising in the west.

"He (Obama) needs to do business with them, so it is quite fascinating," says Alan Kessler, Vormetric's president and CEO. "They're trade partners and we have to do a careful dance with them."

Cyber diplomacy might be good in theory...

More respondents in Vormetric's survey favored high-level diplomacy than any other single response to a breach of government systems, and, indeed, U.S. officials have said that cyber issues are on the table in virtually every discussion they have with foreign counterparts.

But to what end? It may be hard to argue against engaging in cyber diplomacy with U.S. adversaries, but Kessler is skeptical that any verifiable and enforceable agreement to limit nation-state hacking and surveillance could materialize.

"The reality of the situation is that state-sponsored attacks are of course always going to be denied by the likely attacking state," he says.

"We all know that talk is cheap, and no one's ever going to acknowledge cyber activity against another nation-state," he adds. "What are you really going to say? Because there's going to be a lot of deniability and denying, unless you have the proverbial smoking gun. The fact that anything's going to come from that in a negotiated way is difficult to contemplate."

The respondents in Vormetric's survey generally showed an appetite for diplomacy over other, more hawkish responses to a cyberattack on government targets. Forty-five percent said that they believe the president should engage in high-level talks with officials from the nation that launched the attack. Asked to name all of the options on a provided list that they see as an appropriate response, respondents expressed support for issuing trade sanctions on the attacking nation (36 percent), and imposing diplomatic sanctions on the country's diplomats based in the United States (31 percent).

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.