Mike McConnell, former DNI and currently heading the cyber effort at Booz Allen, is intimately acquainted with the current level of US cyber defenses. Over the weekend, McConnell wrote an article published in The Washington Post which discussed how the US could go about winning the cyber war that many experts believe we are currently losing.
“The United States is fighting a cyber-war today, and we are losing. It’s that simple,” McConnell writes. “The problem is not one of resources; even in our current fiscal straits, we can afford to upgrade our defenses. The problem is that we lack a cohesive strategy to meet this challenge.”
The United States is one of the most networked nations in the world and therefore has much to lose by having inadequate cyber defenses. Back in 2007, Estonia, also a highly networked country, had its Internet capacity crippled by a broad-sweeping cyber attack.
Recently, the Bi-Partisan Policy Center hosted Cyber ShockWave, a simulated cyber war game which demonstrated a number of the problems the US faces in the event of a massive cyber attack. The US still lacks fundamental foundations for dealing with a cyber attack against our critical infrastructure.
McConnell believes that to prepare for a cyber attack, the US should look to the Cold War example of nuclear arms. “The cyber-war mirrors the nuclear challenge in terms of the potential economic and psychological effects,” he writes. “So, should our strategy be deterrence or preemption? The answer: both. Depending on the nature of the threat, we can deploy aspects of either approach to defend America in cyberspace.”
In order to a deterrence model to work, the US must make its intentions clear, outlining how it would respond in the event of a cyber attack. Currently, McConnell writes that the US has outlined its intentions but does not have the mechanisms in place yet nor the well outlined policy.
“The United States must also translate our intent into capabilities. We need to develop an early-warning system to monitor cyberspace, identify intrusions and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options — and we must be able to do this in milliseconds,” McConnell writes.
More importantly, the threats in cyberspace are slightly different from the nuclear debate during the Cold War. During the Cold War, the nuclear threat came from the Soviet Union. However, the current threat landscape in cyberspace includes state and non-state actors.
To deal with the threat from non-state actors, particularly terrorist organizations, McConnell recommends a preemption strategy. “We preempt such groups by degrading, interdicting and eliminating their leadership and capabilities to mount cyber-attacks, and by creating a more resilient cyberspace that can absorb attacks and quickly recover,” he writes.
McConnell also called for an increased level of cooperation between the public and private sector, to include greater information sharing. In order to build a coherent cyber strategy, McConnell would like to see experts come together to discuss the various challenges and possible solutions.
“We now need a dialogue among business, civil society and government on the challenges we face in cyberspace — spanning international law, privacy and civil liberties, security, and the architecture of the Internet. The results should shape our cybersecurity strategy,” McConnell writes.
McConnell’s article in The Washington Post can be viewed here