Has the time come to take retaliatory action against digital attacks?
And if so, where is the line drawn? Deb Radcliff reports.
t about the time U.S. Cyber Com-
mand (USCYBERCOM) was
being forged out of the National
Security Agency, a startup named Myko-
nos Software was creating a technology
to positively identify and take direct
action against website attackers. What
do these events have in common?
USCYBERCOM, charged with
coordinating computer-network defense
and directing U.S. cyberattack opera-
tions, will support the Department of
Defense’s new cyberwar mission, includ-
ing offensive actions. There will be some
crossover into the private sector in cases
under presidential order. At the same
time, the emergence of offensive tools in
the private sector represents a renewed
interest in taking action against attackers
even without being driven by authorities.
“The ability to react against known
attackers is all technically doable today,”
says Marcus Sachs, executive director of
government affairs for national security
policy at Verizon. “And the private sec-
tor will certainly have to be brought into
intelligence cyber operations because the
internet is almost entirely run by the pri- (from left) Navy Adm. Eric Olson, U.S. Army Gen. David Petraeus, unidentiﬁed, and Air Force Gen. Duncan McNabb
vate sector, while the military networks prepare to testify on the creation of a ‘Cyber Command’ to defend the United States from computer attack.
that USCYBERCOM is charged to pro-
tect are all run over those public back- says, adding, “I don’t think those legal director, during his Senate conﬁrmation
bones.” Sachs has also served a variety of and policy roadblocks are going to go hearing to head USCYBERCOM in
roles in infrastructure security leadership away anytime soon.” May. Senators at the hearing enthusiasti-
through the Department of Homeland cally pledged to help overcome some of
Security and the White House. A call to cyberwar? these legal and policy obstacles for cyber
But, the biggest question holding Laws and policy were acknowledged operations at USCYBERCOM.
retaliatory measures back has been and as problematic to USCYBERCOM’s The agency’s mission is to integrate
will be: Is this type of activity legal, he mission by Gen. Keith Alexander, NSA the technical capability of military cyber
30 SC • July 2010 • www.scmagazineus.com
operations and synchronize war-ﬁghting cyber as a new war command —particu- stringent action against attackers –
effects to defend the DoD information larly around its impact on civilian organi- beyond the passive detection and block-
security environment so as to protect zations and international relations. ing that they do today.
and defend U.S. national security and “Whenever the Defense Depart- For example, Rochester, N.Y.-based
the lives of men and women in uniform, ment has stood up a new command, like Synergy Global Solutions, a cloud-based
according to a follow-up release to the NORTHCOM or AFRICOM, they’ve managed security services provider, is
May hearing. been clear about their missions and what installing Mykonos for advanced security
To this end, USCYBERCOM also has