Tuesday, April 26, 2011

Washington still doesn't "get" cyber war

Today's story (What we learned from Stuxnet) begins:
"If there's a lesson to be learned from last year's Stuxnet worm, it's that the private sector needs to be able to respond quickly to cyber-emergencies, the head of the U.S. Department of Homeland Security said Monday."

My net-net assessment is that current cyber law makes it impossible for the private sector to "respond quickly," because:

  1. The response needs to be in milliseconds and not hours or days, which means
  2. The response needs to be automated, and
  3. The response needs to be based on a publicly stated doctrine that unambiguously spells out a counter-attack doctrine, which means
  4. Current cyber law must be dramatically changed to allow counter-attack measures.
In other words, the private sector needs a get-out-of-jail-free card if certain cyber attack scenarios unfold. The only workable solution I've been able to come up with is…yeah, I'm a broken record. Got a better idea? Let me hear it!


Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?