June 08, 2011

Report: Cyber Threats Outpacing Cyber Security Progress

June 8, 2011 — While a “cyber Armageddon” does not appear imminent, cyber attacks constitute a serious challenge to U.S. national security and demand greater attention from American leaders, according to a new study from the Center for a New American Security.

“US. government networks are vulnerable,” declares the report titled   America’s Cyber Future Security and Prosperity in the Information Age,”with approximately 1.8 billion cyber attacks of varying sophistication targeting Congress and federal agencies each month. Foreign cyber intruders have penetrated America’s power grid, and while their intentions are unclear, the potential for harm is considerable.”

US military planners, the report cautions, already must guard against a range of cyber attacks on their communications, weapons, logistics and navigation systems, and the threat to military networks is growing. Cyber attacks could disable critical equipment and even turn it against its users. Despite productive efforts by the US government and the private sector to strengthen cyber security, the increasing sophistication of cyber threats continues to outpace progress.The report offers several recommendations..

First it recommends that the US government adopt a Comprehensive Strategy for a Safe and Secure Cyberspace.  “The US government,” it says, “should aim to keep malicious activity in cyberspace below a threshold at which it might imperil general confidence in the security of the Internet.”  To do this, the Department of Homeland Security (DHS) should strengthen its capacity for risk assessment and incident response. Congress should pass legislation that creates a new quasi-governmental “fusion” center to improve information sharing, clarifies DHS’s legal authority to monitor U.S. government networks, enables Internet service providers to better cooperate with the U.S. government, and bolsters cyber security education and recruitment programs.

Another recommendation is the forging of what the report calls an International Agenda for Cyber Security.

“ The US government,” the report says, “ should strengthen its international agenda for cyber security. In the near-term, it should foster greater cooperation with US treaty partners to enhance information sharing, crisis response and joint military exercises. In the medium to long term, it should strengthen law enforcement by engaging a variety of international stakeholders to produce multilateral agreements and codes of conduct.” Further, it says,“ The US government should promote key norms in international fora, including protecting innocent civilians and minimizing collateral damage, upholding Internet freedom, and exercising proportionality and restraint in response to cyber attack. 

“Part of this process involves addressing cyber security more directly, and if necessary more publicly, with China and Russia; initiating a coordinated cyber security foreign assistance plan; and encourage American companies to participate in international standard-setting organizations related to cyber security.

The report also urges the US government to increase the economic, political and military costs for cyber attackers while defending against them more effectively. It suggests that this could be accomplished by better clarifying legal authorities related to military and intelligence cyber operations, improving cyber defenses, sustaining America’s offensive military advantage in cyberspace, implementing a cross-domain prevention strategy, and ensuring that the US military can operate in a command and control environment degraded by cyber attacks, and tap into the National Guard and Reserves for high-tech cyber skills.