Monday, March 27, 2017

America's plan for stopping cyberattacks is dangerously weak

Updated by Greg Allen Mar 27, 2017,

image (not from article) from


The US State Department has been trying for nearly a decade to establish behavioral norms in cyberspace, while the US defense and intelligence communities have been working to establish credible cyber deterrence. Toward the end of the Obama Administration, there were some signs of progress, such as Obama’s threat of economic sanctions on China. These helped reduce (but did not eliminate) China’s state-sponsored cybertheft of US intellectual property. The Department of Justice (DOJ), for its part, recently released indictments full of damning evidence of the Russian government’s collaboration with cyber criminals.
Unfortunately, the leaked draft of President Trump’s executive order on cyberthreats and efforts to combat them did not mention the DOJ or the State Department’s work on cyber norms. Both omissions are significant errors, as is the administration’s budget request, which plans to cut State Department funding by 31 percent just as the agency’s diplomatic efforts on cyber are gaining momentum. A military-first approach to cyber fails to recognize the important role that law-enforcement and diplomatic organizations have in achieving US goals in this domain.
What follows are moves the Trump administration could make to demonstrate that it is taking this fast-developing threat seriously: ...
If the United States sought to be especially aggressive, they could even take control of major Russian news and media websites in order to disseminate the information.
  • Punish Russian cyber units: In noncyber warfare, retaliatory attacks are traditionally considered less escalatory when targeting the specific military unit that attacked you. The United States should therefore consider imposing costs upon the Russian cyber units involved in hacking US elections. The bank accounts of the units’ leaders might suddenly empty — or, again, embarrassing personal information about them might begin to circulate. 

winter scene of the kremlin
The United States could respond to the Kremlin’s cyberattacks with proportionate hacks.
 Oleg Nikishin/Getty

Though these retaliatory attacks are designed to be proportional and nonescalatory, there is no guarantee that the Russians would perceive them that way, so they must be backed up by effective communication and public diplomacy.

No comments: