Government Technology

Should the U.S. Develop a National Cyberdoctrine?



Photo from Shutterstock

December 14, 2012 By

With cybersecurity breaches on the rise in both the public and private sectors, concerns have arisen regarding whether cyberattacks are being properly combated. These rising concerns have many in the IT industry asking if and when the U.S. federal government will develop a national cyberdoctrine to guide U.S. policy in these matters.

Earlier this month, the Potomac Institute Press released a new book #CyberDoc: No Borders – No Boundaries, which addresses the rising concern of cyber-related disasters and the growing need for such a doctrine.

U.S. Cyberdoctrine: Questions to Ask

Before developing a national cyberdoctrine, Michigan’s Chief Security Officer Dan Lohrmann suggested that 10 big questions be asked before moving forward: 

  • What data and threat information can be shared before, during and after cyberattacks? (This includes public- and private-sector roles/responsibilities.)
  • What are the roles of the National Security Agency, the U.S. Department of Homeland Security, other agencies or the military in private networks in the U.S.?
  • Can we engage in offensive capabilities to stop the attackers?
  • What privacy rights do citizens and corporations have regarding Internet activities?
  • Who pays for what cybersecurity protections? What is voluntary and what is mandatory?
  • Do we need minimum standards for critical infrastructure? 
  • With 80 percent or more of Internet infrastructure owned by private companies, what is the government’s role and what are the private-sector roles?
  • What is an act of war in cyberspace? When do nations cross the lines?
  • How can we govern cyberspace in the U.S. and around the globe? (What is the United Nations’ role?)
  • What training is needed on the doctrine? How will it be provided?

Image courtesy of Shutterstock

“The book is a call to action,” said Tim Sample, vice president and sector manager of special programs at Battelle and co-editor of #CyberDoc. “It says that we are really not only out of time, but we are behind time in having a [national cyber] doctrine that people can relate to as we go forward.”

Sample said a national cyberdoctrine would place an overarching framework on these matters, and would allow for all levels of government to orchestrate a plan on cyber-related issues and determine government’s role in the process.

In the U.S. alone, cyberattacks have not been uncommon. In recent months, the South Carolina Department of Revenue underwent a major cyberattack that compromised millions of customer records. Since the beginning of a series of attacks that started in August by hackers, 3.6 million Social Security numbers were exposed, as well as debit and credit card information from state tax payers.

Loose-knit hacker collective “Anonymous” sparked controversy over numerous incidents involving the exposure of sensitive data after the group targeted companies like Sony and Bank of America.
But even with security breaches making media headlines, David Fisher, vice president of cyberinnovations for Battelle, said it is still unclear who is posing the major threat to the U.S. on cyber-related matters and how severe the threats may be.

“There is no way right now to disguise and deal with those various actors through any kind of policy or doctrine, and I think that that is one of the key points in all of this …” Fisher said. “Is it a criminal activity? Or is it act of war? Is it espionage?”

Although the U.S. continues to face the threat of cyberattacks, the federal government has attempted to address the issue. However, according to Dan Lohrmann, Michigan’s chief security officer, the White House and Congress cannot agree on cyberlegislation. While Lohrmann is in favor of the idea of developing a national cyber doctrine, challenges still lie ahead.

“Unfortunately, I don’t think we have a consensus on what that doctrine should be,” Lohrmann said. “Many in the private sector are afraid of ‘Big Brother’ taking over the Internet, while others worry that we are not doing enough to protect critical infrastructure from a ‘cyber Pearl Harbor’ or major event.”


You may use or reference this story with attribution and a link to
http://www.govtech.com/security/Should-the-US-Develop-a-National-Cyberdoctrine.html


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

GovTech Papers and Case Studies View Library


Government Best Practices


Collaboration for the Public Sector


Collaborative Justice: Transforming Criminal Justice Services Through Unified Collaboration
This issue brief examines video collaboration in every stage of the human justice process, demonstrating how this technology can not only make services more efficient, affordable, and accessible.

Cloud-Based Services Accelerate Public Sector Adoption of Video Collaboration
Today, thanks to new cloud technologies and high-quality networks, mobile video services - which provide not only cost savings but which help governmental interactions become more efficient - are more feasible than ever before.

Modernization as a Service: Acquiring IT through Innovative Procurement

Five Ways Collaboration is Driving Government Performance

Mobile Video Collaboration: The New Business Reality
 

Government Technology
Public CIO
Emergency Management
Digital Communities