Former Department of Homeland Security chief Michael Chertoff said that combating groups like LulzSec and Anonymous poses a unique problem for law enforcement, because "the big challenge is attribution". However, it's possible that the US government could find itself in a cyberwar with a network.
Chertoff, speaking in New York at a lunch hosted by analytics company Opera Solutions, gave a talk largely on cybersecurity. He noted that the US needs to form a cyber attack doctrine that outlines all of the nuances of attacks and various degrees of response.
The hardest part, given the high-profile attacks from leaderless groups, is finding the right actors involved. "Do we respond if we don't know who had bad intent, but can locate the server that is a weapon against us? Do we take out the server in real life or cyberspace? There's not going to be a clear line, and we may take that server out in physical and cyber domains."
The big question about dealing with hacktivists is finding the line where an attack moves from a law enforcement issue to an act of war. Chertoff said that the government would be reluctant to respond to someone "defacing a website or stealing data, even sensitive data". But a loss of life could turn an attack into an act of war.
One hypothetical scenario posed by Chertoff was an attack on air traffic control that led to the loss of life. "We are at war with a terrorist network today, so we can be at war with a network. When attacks move from criminality to something that warrants a military response depends," he said. "This is going to be very fluid."
Chertoff's talk was notable, because it opened the door to a point where a cyber attack could lead to a response to take out a server. Welcome to the new world.
Other key items from Chertoff:
- Analytics will play a key role in security, as the never-ending flow of data will be utilised by both the private sector and government in cooperation.
- He said it was unclear whether the "huge rash of stories about cyber attacks" meant an "increased appetite for these types of intrusions", or just more attention paid to cybersecurity.
- The government needs to create a doctrine on what would be an act of war in the event of a cyber attack. This doctrine would revolve around the following:
  - Determining what attacks are most important, and having degrees of response.
  - Considering the vector of attack. Network attacks are the most common, but the supply chain may be more important, said Chertoff. "The big issue we have to be concerned about is the supply chain. The ability to check every chip is not practical. How ensure ourselves that we have hardware and software we can trust? We do need to manage the risk," he said.
  - Dealing with all kinds of actors. What's the response against a hacktivist, a kid or a government?
Via ZDNet US