Group calls for formal cyberattack policy

The United States’ policy and legal framework regarding launching cyberattacks is “ill-informed, undeveloped and highly uncertain” and the country needs a public national policy in that area that applies to sectors of government, according to a report released Wednesday by the National Research Council.

The report, from the council’s Committee on Offensive Information Warfare, said cyberattack capabilities greatly expand policymakers’ options and that an open discussion about the country's cyberattack policy was needed. The group said much of the public policy debate has focused on cyber defenses.

“We are of the opinion that the policy issues related to cyberattack are important enough to the nation to warrant serious public discussion — and I emphasize public discussion — about its significance and place in the U.S. policy toolkit,” Kenneth Dam, a co-chairman of the committee and a professor at the University of Chicago law school, said at a news conference.

The group also recommended that the government maintain and acquire effective cyberattack capabilities and conduct high-level wargaming exercises to understand the dynamics and potential consequences of cyber conflict. The government should also support academic research on the topic, the committee said.

The report draws a distinction between cyberattacks, the intentional alteration disruption or destruction of adversary computer systems or networks, and cyber exploitation. Cyber exploitation, the group said, generally does not try to disturb the normal functions of a system, but instead focuses on obtaining information from the system.

The committee said legal analysis of cyberattacks should focus on the direct and indirect effects of an attack, rather than how it is carried out. The group also said policymakers should judge the direct and indirect consequences of cyberattack when making decisions.

The committee found the law of armed conflict and the United Nations’ Charter to be applicable to cyberattacks, and said that the U.S. should work to reach agreements with other nations regarding cyberattacks. However, the council said the situation is complicated by difficulty in attributing cyberattacks to nation states and that it was unrealistic to expect the U.S. to unilaterally dominate cyberspace.

The council also encouraged the government to consider establishing a structure through which an industry can seek immediate help if it comes under cyberattack.

The report recommended that the government have a clear, transparent and inclusive structure for making decisions on whether to launch a cyberattack. The government should also do a periodic accounting of cyberattacks undertaken by the military and agencies with the results available to senior decision-makers.

The study was sponsored by the MacArthur Foundation, Microsoft Corp. and the NRC. The report used only unclassified materials and the authors didn't confer with the officials conducting the Obama administration’s review of cybersecurity policy, the NRC said.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.