Before deciding how to react to a cyber attack, the United States needs to implement standards to determine what is acceptable and unacceptable behavior in cyberspace, according to a former White House cyber official.
In an interview with The Takeaway, a national morning news program hosted by BBC World Service, The New York Times and WGBH Boston, Melissa Hathaway, president of Hathaway Global Strategies and former acting senior director for cyberspace at the National Security Council, discussed the ramifications of a digitally implemented attack.
Increasingly over the last decade, energy and power grids have been moved from isolated networks to more Internet-based networks for the purpose of efficiency and reducing costs. An attack or disruption of those networks produces a ripple effect, creating vulnerabilities throughout U.S. society.
“If you lose power, it affects all sorts of essential services,” Hathaway said. Those services, among others, she said, include water and the ability to communicate.
When asked about how the Pentagon and Washington cyber planners view cyberwarfare, Hathaway spoke of the connection between cyberspace and the economy.
“Cyberspace affords anonymity, and is generally borderless,” she said. “As the different governments around the world are debating how best approach it, the thing that they know for certain is that states play key roles in securing cyberspace because securing the cyberspace is really securing the economy.”
Recent discussions following cyber attacks on government and industry alike have questioned the best approach to take in the event of a large-scale cyber attack, and whether the U.S. should respond with conventional warfare. But before even contemplating response strategies, Hathaway said there first needs to be a broader framework in place to begin talks on what is acceptable and unacceptable behavior in cyberspace, as well as define the terms so everyone speaks the same language.
“Once have that, you can have economic, diplomatic, military and the whole gamut of different types of response strategies,” Hathaway said. “But first, you need really the methodology by which to begin the conversation of what’s acceptable and what’s unacceptable.”
When asked who the perpetrators in cyber are, Hathaway declined to identify one specific nation or group.
“It’s hard to point fingers — over 100 nations have cyber capabilities and the attacks, whether they are from a hacker or whether it’s espionage, or whether it’s a broader based state-sponsored weaponization, there are many involved in this, which is why many need to participate in the conversation to address this and ensure it won’t escalate,” she said.