Mike McConnell: “The United States is fighting a cyber-war today, and we are losing.”

Monday, March 1st, 2010 | Filed under Cybersecurity | Posted by
mike mcconnell

Mike McConnell

Mike McConnell, former DNI and current head of Booz Allen’s cyber division, is intimately familiar with the current state of US cyber defenses. Over the weekend, McConnell authored an editorial in The Washington Post that discussed how the US could win the cyber war that many experts believe we are currently losing.

“The United States is fighting a cyber-war today, and we are losing. It’s that simple,” McConnell writes. “The problem is not one of resources; even in our current fiscal straits, we can afford to upgrade our defenses. The problem is that we lack a cohesive strategy to meet this challenge.”

The Bipartisan Policy Center’s recent Cyber ShockWave war game demonstrated many of the problems the US would face in the event of a cyber attack, and its results prove McConnell’s point that the US still lacks fundamental foundations for dealing with a cyber attack against our critical infrastructure.

McConnell believes that the US should look to the Cold War example of nuclear arms in its approach to cyber policy. “The cyber-war mirrors the nuclear challenge in terms of the potential economic and psychological effects,” he writes.  “So, should our strategy be deterrence or preemption? The answer: both. Depending on the nature of the threat, we can deploy aspects of either approach to defend America in cyberspace.”

For this model to work, the US must make its aims explicit and detail how it would respond in the event of a cyber attack. Currently, McConnell writes, the US has outlined its intentions but does not have any concrete mechanisms in place to dictate its response to a cyber attack.

McConnell writes, “The United States must also translate our intent into capabilities. We need to develop an early-warning system to monitor cyberspace, identify intrusions and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options — and we must be able to do this in milliseconds.”

To deal with the threat from non-governmental groups, particularly criminal and terrorist organizations, McConnell recommends a preemption strategy. “We preempt such groups by degrading, interdicting and eliminating their leadership and capabilities to mount cyber-attacks, and by creating a more resilient cyberspace that can absorb attacks and quickly recover,” he writes.

McConnell also called for cooperation between the public and private sector, including greater information sharing. In order to build a coherent cyber strategy, McConnell would like to see experts come together to discuss the various challenges and possible solutions.

“We now need a dialogue among business, civil society and government on the challenges we face in cyberspace — spanning international law, privacy and civil liberties, security, and the architecture of the Internet. The results should shape our cybersecurity strategy,” McConnell writes.

Posted by on Monday, March 1st, 2010. Filed under Cybersecurity. You can follow any responses to this entry through the RSS 2.0. You can leave a response or trackback to this entry

Leave a Reply