Greater transparency needed in development of US policy on cyber attack

cyber attackWashington, April 30 : A new report from the National Research Council has determined that the current policy and legal framework regulating use of cyber attack by the US is ill-formed, undeveloped, and highly uncertain.

The United States should establish clear national policy on the use of cyberattack, while also continuing to develop its technological capabilities in this area, it says.

The US policy should be informed by open national debate on the technological, policy, legal, and ethical issues of cyberwarfare, according to the committee that wrote the report.

“Cyber attack is too important a subject for the nation to be discussed only behind closed doors,” said Admiral William Owens, former vice chairman of the Joint Chiefs of Staff and former vice chairman and CEO of Nortel Corp., and Kenneth Dam, Max Pam Professor Emeritus of American and Foreign Law at the University of Chicago School of Law, who co-chaired the committee.

Cyber attacks - actions taken against computer systems or networks - are often complex to plan and execute but relatively inexpensive, and the technology needed is widely available.

Defenses against such attacks are discussed, but questions on the potential for, and the ramifications of, the United States’ use of cyber attack as a component of its military and intelligence arsenal have not been the subject of much public debate.

Although the policy and organizational issues raised by the use of cyberattack are significant, the report says, “neither government nor society at large is organized or prepared to handle issues related to cyber attack, let alone to make broadly informed decisions.”

The U. S. could use cyber attack either defensively, in response to a cyber attack from another nation, or offensively to support military missions or covert actions, the report says.

Cyber attacks can be conducted anonymously or falsely attributed to another party relatively easily, making it difficult to reliably identify the originator of the attack, it added.

Clear national policy regarding the use of cyber attack should be developed through open debate within the US government and diplomatic discussion with other nations, the report says.

The U. S. policy should make it clear why, when, and how a cyberattack would be authorized, and require a periodic accounting of any attacks that are conducted, to be made available to the executive branch and to Congress. (ANI)

Technology Update: