Cyberoffense capability replacing nuclear bomb as ultimate deterrence

Being able to launch first strikes and counterattacks will help deter potential cyberthreats, especially important for nations amid the increasing interconnectivity of critical infrastructure, say government IT veterans.

SINGAPORE--Developing cyberoffensive capabilities may be increasingly relevant for governments in order to deter attacks and protect their infrastructure.

This is especially critical facing a wave of "next generation" adversaries amid the rise of the Internet of Everything , said Anthony Bargar, former security advisor at the United States' Office of the Secretary of Defense. He was speaking at industry conference GovWare here on Wednesday.

Bargar noted the increasingly pervasive interconnectivity raised the risk of critical infrastructure being paralyzed by cyberattacks. For example, power grids would soon be connected to the Internet to form smartgrids, and everything including even toasters would soon have IP addresses, he noted.

"The industry isn't catching up fast enough to that level of security," said Bargar. He explained priorities have always been userbility versus cost, leaving security as an afterthought.

bargar govware singapore
Anthony Bargar, former security advisor at the U.S. Office of the Secretary of Defense, at GovWare in Singapore. (credit: Ryan Huang/ZDNet)

Offense is the best defense

"Cyberdeterrence is the new cold war reality," he noted, adding there will be increasingly more state-sponsored attacks, insider threats and attacks aiming for cyberdestruction.

"You deter people by having an offensive capability."

Philip Hammond,
U.K. Defence Secretary.

Bargar's comments come just days after the United Kingdom emphasized the need for a offensive capability to deal with cyberthreats, adding cyberdeterrence to nuclear deterrence.

U.K. Defence Secretary Philip Hammond told the Mail: "You deter people by having an offensive capability. We will build in Britain a cyberstrike capability so we can strike back in cyber space against enemies who attack us."

Echoing those views, Tony Chew, director specialist advisor at the Monetary Authority of Singapore, said cyberattacks have become increasingly favored by adversaries as they were covert and minimized collateral damage. He pointed out there were even commercial firms now offering cyberoffense for hire such as Vupen.

Read this

Obama can 'order pre-emptive cyber-attack' if U.S. faces threat

According to a source speaking to The New York Times, President Obama can authorize a 'pre-emptive strike' against a nation if U.S. national security is at risk.

Read More

"If you are going to fight you cannot just be defending, you must have capability of launching the first strike," said Chew, during a separate keynote at GovWare.

According to Bargar, it is not realistic to expect to be able to afford to defend everything, so it will be important to outline a list of critical assets to prioritize. He noted most business continuity plans were built around natural disasters, but it was necessary to start thinking in terms of cyber-resilience.

Cyber-resilience is being able to recover quickly through cyberconflict to a trusted environment, explained the former advisor to the Office of the Secretary of Defense. Ways to improve resiliency include mapping the network, the complex cascade effects and single points of vulnerability, he said. Staff should also conduct exercises together under serious IT degradation.