With cybersecurity breaches on the rise in both the public and private sectors, concerns have arisen regarding whether cyberattacks are being properly combated. These rising concerns have many in the IT industry asking if and when the U.S. federal government will develop a national cyberdoctrine to guide U.S. policy in these matters.
Earlier this month, the Potomac Institute Press released a new book #CyberDoc: No Borders – No Boundaries, which addresses the rising concern of cyber-related disasters and the growing need for such a doctrine.
U.S. Cyberdoctrine: Questions to Ask
Before developing a national cyberdoctrine, Michigan’s Chief Security Officer Dan Lohrmann suggested that 10 big questions be asked before moving forward:
“The book is a call to action,” said Tim Sample, vice president and sector manager of special programs at Battelle and co-editor of #CyberDoc. “It says that we are really not only out of time, but we are behind time in having a [national cyber] doctrine that people can relate to as we go forward.”
Sample said a national cyberdoctrine would place an overarching framework on these matters, and would allow for all levels of government to orchestrate a plan on cyber-related issues and determine government’s role in the process.
In the U.S. alone, cyberattacks have not been uncommon. In recent months, the South Carolina Department of Revenue underwent a major cyberattack that compromised millions of customer records. Since the beginning of a series of attacks that started in August by hackers, 3.6 million Social Security numbers were exposed, as well as debit and credit card information from state tax payers.
Loose-knit hacker collective “Anonymous” sparked controversy over numerous incidents involving the exposure of sensitive data after the group targeted companies like Sony and Bank of America.
But even with security breaches making media headlines, David Fisher, vice president of cyberinnovations for Battelle, said it is still unclear who is posing the major threat to the U.S. on cyber-related matters and how severe the threats may be.
“There is no way right now to disguise and deal with those various actors through any kind of policy or doctrine, and I think that that is one of the key points in all of this …” Fisher said. “Is it a criminal activity? Or is it act of war? Is it espionage?”
Although the U.S. continues to face the threat of cyberattacks, the federal government has attempted to address the issue. However, according to Dan Lohrmann, Michigan’s chief security officer, the White House and Congress cannot agree on cyberlegislation. While Lohrmann is in favor of the idea of developing a national cyber doctrine, challenges still lie ahead.
“Unfortunately, I don’t think we have a consensus on what that doctrine should be,” Lohrmann said. “Many in the private sector are afraid of ‘Big Brother’ taking over the Internet, while others worry that we are not doing enough to protect critical infrastructure from a ‘cyber Pearl Harbor’ or major event.”