The botnet type of cyber-attack that targeted the US defense firm is espionage. The attack did not result in any physical damage but compromised significant technological secrets about a new surveillance system. The features of the damage relate to espionage, where a perpetrator gains unauthorized access to confidential information belonging to a government or another individual. The absence of tangible physical damage and casualties in the attack supports the decision that it was espionage.
Response of the US
The first quick response of the US in the espionage attack is to identify the sources of the attack. They should shut down the system to audit the level of damage and prevent the hackers from accessing more information. After the identification of the attackers, they should impose financial sanctions against the perpetrators such as freezing their assets or prohibiting commercial trade. They should then audit their systems to detect the vulnerabilities to prevent future attacks.
US Defense Against Cyber Attacks
The severity of the cyber-attacks on the US presents serious challenges, especially when the criminals stop operations and attack the secrets of the homeland security. The attacks target key private and public institutions, where most workers have limited information about cyber security. There is also significant difficulty with interagency information sharing. The private companies and informational infrastructures have weak protection against cyber-attacks. For the US to prevent future attacks such as espionage, it has to take the following measures.
Increase Public Awareness
Cybercrimes often occur due to people’s ignorance about how to detect the attacks and take appropriate action to combat their negative effects. The national government should partner with educators to conduct public awareness campaigns on the risks associated with online activities and educate the public on how to combat the threats. Cyber security officials should implement the public awareness strategy to educate the community about the contents of the policy. The public awareness will ensure that the civil liberties, the private sector, local governments and the general public endorse, support and participate in the implementation of the cyber security policies. The education improves the people’s knowledge on how to detect a cyber-threat and enhance digital safety. The contents of the public awareness programs should include education on cyber predators, responsible use of the Internet and cyber ethics. The awareness should focus on educating children and youths about cyber security since they grow up with technology.
Enhance Information Sharing To Improve Capabilities for Incident Response
The availability of information is crucial to the prevention, detection and response to cyber-attacks. The network providers, data owners, network operators and intelligence organizations may be in possession of information that can help the government to detect and understand sophisticated attacks. The information from the sources may help to plan for an effective response to a cyber-attack.
The federal government should coordinate with the local administration, state governments, and the private sector to develop approaches for sharing cybersecurity-related information. The parties involved can create a non-governmental, not-for-profit organization to serve as a host for the private sector and government to share information. Information sharing is not only important within the US but also outside the country. The federal government should expand information sharing about vulnerabilities and network incidents with the major allies. Thus, the partnerships of the nations will seek bilateral and multilateral agreements aimed at improving cyber security. The legitimate concerns of the private sector over sharing of information will enhance the government plans with other countries. However, information sharing between the US government, the private sector, and the international community will require clarity and accountability.
Improving cyber security across all infrastructures
The privately owned resources and infrastructure need protection from cyber-attacks. The federal government needs to cooperate with the private sector to offer a defense to the industry against cyber-attacks. Criminals can attack the private organizations remotely through computer networks and cause damage to the government, especially if the government has interests in the organization. Though the private network operators have the responsibility to defend their assets, the government can create a framework to help pursue malicious actors and assist with technical support to enable the private sector to defend its networks.
Protecting Private Companies
The US should assign Cyber Command the responsibility of protecting certain private companies. The computer attacks that the US faces from criminals and agents of foreign governments target both the military establishments and the private sector. Protecting the non-governmental part of the country against cyber-attacks is increasingly critical because the US depends on the corporations for ensuring national security. The corporations develop the military supply for the nation and also design most of the computer hardware and software for government use. The country also contracts corporations to conduct critical security functions such as collecting and processing intelligence information. In case of cyber crime, the government could lose vital information and secrets to the adversaries; hence the need to protect the private companies.
The Standard to Determine the Companies to Defend
The private companies, especially network providers, hold data and information of high economic interest and vital to national security. The perpetrators of cyber intrusions in the form of corporate and nation-state espionage target the particular private companies. The first criterion to determine the companies the government will defend is the cooperation between the private entity and state. The companies differ in their level of importance to the state. Businesses in the Defense Industrial Base (DIB) oversee aspects of national interest, and the government accords them more cyber security. DIB includes private and public corporations and organizations that provide weapon systems, personnel and defense technologies to the Department of Defense. According to the deputy secretary of defense, cyber-attacks on DIB information systems are potentially dangerous to the US national security. Therefore, the DOD created a cybersecurity and information assurance program, in which it provides protection to classified and unclassified information of the DIB.
Another standard is whether the private company controls part of the critical infrastructure and crucial resources of the United States. The US government has interests in protecting the companies because the companies are incapable of operating safely or their destruction may have an adverse impact on security, environment or the economy. The key areas to the US include resources, either publicly or privately controlled, that are necessary for the minimum operation of the government. Thus, the state encourages the influential private companies to remain incorporated into the National Cybersecurity and Communications Integration Center (NCCIC) when the state is conducting steady operations. However, the participation of the private companies in offering the crucial services to the government is voluntary.
The US Should Lead International Cyber Agreements
The US has a significant role to play in the international arena. The roles include preserving peace and stability, safeguarding national security and economic interests, protecting the individual rights of citizens and empowering innovation. Thus, the US is in the most favorable position to lead the coordination of an international cyber agreement.
Countries cannot individually address all the security challenges presented by cyberspace. The countries need international cooperation in the cyber realm to combat the challenges successfully. As the global politics engage in international negotiations on cyber security, they need a leader that has already experienced policies to protect from cyber security challenges. The US fits the bill as the most appropriate country to take the lead.
The US should head cybersecurity agreements because of its technological supremacy. It has extraordinary cyber technology that is difficult to break in the cyber domain. The cyberspace is very central in the US advanced economy, making it more vulnerable to adversaries. Therefore, cybersecurity agreements will potentially limit the threats on the valuable information and serve the US interests in the long run.
Challenges of Getting the Agreement
The president of the US faces a myriad of challenges in the quest to get international agreements on cyber security. International agreements can fail to work in case some member countries have irreconcilable differences with the US or other members of the agreements in terms of policies. Countries have divergent perceptions about the political uses of the Internet, human rights, and privacy. The nations with divergent perceptions may not be able to agree on a common cyber agreement.
Another challenge for successful operations of the international cyberspace security is animosity of some countries with the US; however, their cyber activities cannot be ignored when making agreements. A successful agreement requires that the four major hostile countries change their behavior. The first country is Russia, which is the primary source of cybercrime. It also participates in political-military espionage. The country is among the big five and the biggest opponent of the US international cyber policy. The second country is Iran, which has significant cyber capabilities that it uses to subject the US to political pressure. In addition, China and North Korea have conducted network reconnaissance that can help the four opposing powers launch cyber crimes against the US infrastructure. North Korea has a vast knowledge of cyber-attack capabilities that they have built for many years. The jihadist groups with basic cyber skills may have connections with Iran and Russia, which becomes a potential challenge to the international cyber policy.
The final serious challenge is the nations’ upholding of some fundamental rights. Most fast growing economies support freedom of speech and access to information, putting them at odds over the cyberspace policies that people perceive as authoritarian. The US can win the support of the countries by conducting persuasive arguments on the importance of cybersecurity, international governance, and privacy. Since the US does not have the required persuasive tools, their views concerning the Internet are perceived as deceitful.
Necessary Changes in the US Cyber Policy
The occurrence of cyber-attacks even in the existence of the cyber policy indicates that there are serious weaknesses in the security strategy that need urgent changes. The government should comprehensively review the policies to ensure the objective protection of data. For example, the policy on security classification and clearance requirements prevents different agents from sharing cybersecurity information. Moreover, the policy governs the federal government’s collection, use, dissemination and retention of information, but constrains data sharing within the federal departments and agencies. Interagency information sharing is vital in the defense against cyber-attacks. The review of the policy should aim at ensuring the preservation of private and civil liberties rights, improvement in information sharing and protection of sensitive data. Further, the review should accommodate the progress of the federal government through its Security and Suitability Reform Initiative and reflect the information sharing security efforts in the policies.
The final change needed in the cyber policy is the role, responsibilities and authorities of the government agencies within the cyberspace environment. The agencies tasked with defending the cyberspace are incapable of performing their responsibilities because their authority does not provide them with the secure cyberspace. According to the cyberspace policy review of 2011, the President confessed that the US government has an ineffective organization for addressing the cyberspace problems. The current policy distributes responsibility for cyber security across many federal agencies and departments. The sections have overlapping authorities with none having the authority to make decisions. Therefore, under the current policy the agents cannot consistently direct actions that involve conflicting issues. For the adequate defense of the US networks against threats from criminals, terrorists, and other adversaries, the government needs to alter its roles, authorities and responsibilities.