Should the US Apply Cold War Doctrines to Cyber War?

Cold war doctrines on how to respond to nuclear attack need to be applied to the 21st century threats of cyber attacks and espionage.

That was what Michael Chertoff, former US Homeland Security secretary, said this week at the RSA Security Conference in London, according to The Register.

Chertoff also mentioned that 100 countries now have the capabilities to perform cyber attacks and cyber espionage. Though cyberwar is a serious threat, should US cyber war doctrine be the same doctrine we used to defend ourselves against a nuclear attack?

Nuclear weapons could vaporize an entire area and leave it inhospitable for 20-30 years. Cyber attacks are often more espionage related, but they could turn deadly if power, telecommunications or infrastructure is damaged in a large city. Civil security, medical and food supply could be the heaviest hit.

But one thing that really sticks out to me is the sheer number of nations that have cyber war capabilities. When you compare 9 countries that have nuclear weapon capabilities to the 100 that have cyber attack capabilities, this is a whole new ball game. An attack could come from almost anywhere and strike anywhere at any time.

Cyberwar is very cheap compared to the technology, infrastructure and financial output it takes to build nukes. Also, if someone launched a nuke, I am pretty sure it could be tracked back to the country of origin fairly easily, whereas cyber attacks are very stealthy and are sometimes bounced through several different countries before hitting their target.

What is scary too is that Chertoff mentioned an attack against air traffic control systems. Ira Winkler, former NSA agent and president of the Internet Security Advisors Group, said that not only is such an attack possible, but security was never built into air traffic control systems to begin with.

This brings up another issue: the level of force used in responding to a cyber attack. If a third world country launches a cyber attack against the US and disables its air traffic control systems while planes are in the air, hundreds of planes and thousands of lives would be at risk. Would we respond by disabling their air traffic control system, when they may only have ten airplanes total in the whole country?

Many experts have said that the US will not take cyber security seriously unless there is a cyber 9/11. The US needs to sit down with the international community and hammer out realistic policy now on responding to cyber attacks. The longer we continue without black and white policies, the greater the risk will become.


7 thoughts on “Should the US Apply Cold War Doctrines to Cyber War?”

  1. I don’t usually reply to posts but I will in this case.
    My God, I thought you were going to chip in with some decisive insight at the end there, not leave it
    with ‘we leave it to you to decide’.

    1. Thank you for the feedback!

      Honestly, I actually wish I had some decisive insight for this issue. I do feel though that trying to apply military doctrine that worked in the 50’s-80’s probably isn’t going to cut the mustard.

      Many of these attacks fit more into the realm of espionage than what we would normally call warfare.

      In the case of electronic warfare, I think it is time to reframe what we call an attack. But herein lies the problem: if China hacks Microsoft to get source code for the latest OS, is that a cyber attack or cyber espionage?

      Now Stuxnet is a true cyber weapon, specifically crafted to affect SCADA control.

      The international community needs to sit down and create policy concerning cyber war and cyber espionage. If you do this to us, you can expect this as a response. For example, if you try to DDoS us, you will lose the source node from your network; we will take it down. (Yes, we can do that.)

      Another one might be: if you use something like Stuxnet, that could cause loss of life, you will face a physical, kinetic response.

      But what about attacks that are more cyber espionage related, maybe something like ‘if you steal corporate source code, we will respond by wiping the drives of machines at the source location’.

      And if we did wipe drives in another country, how would they respond? It really gets into a spaghetti mess. Maybe what Michael Chertoff meant to say is that with the cold war doctrine, Russia knew what would happen if they launched nukes: we would respond in kind. There was no wiggle room.

      Cyber war and cyber espionage is serious stuff. This is why nations need to sit down and hammer this out. And they need to do it sooner than later.

  2. Perhaps if applied selectively. Ultimately that mindset may hamper our cyber abilities.

    I don’t think we fully comprehend the scope of the changes cyber-warfare has created. Look at StuxNet/Iranistan. Think of all the time, money, manpower, and blood spent GLOBALLY, playing that game. Think about the policies, the black-ops, the way that the world is being molded because of what’s going on there.

    Now, apply the possibility that the entire thing MAY have been wiped away by a few guys on PCs God knows where.

    It changes EVERYTHING. It’s like the evolution of military conflict from horses and spears to tanks and gunpowder.

    If you are a student of history, you know that the entire history of the world has rested on the outcome of certain conflicts, sometimes on one battle in said conflict. And more often than not, the outcome of that battle was decided by the application of some new technology by one side against the other.

    In that sense, applying cold-war concepts to cyber-warfare makes as much sense as applying Custer’s rules for engagement to the mechanized cavalry today…

    1. Dead on bro. I love the reference to Custer!

      Man, I really like the fact that the military has said that they are willing to use black ops in response to cyber attacks.

      I think this needs to be laid out very well. Cyber war changes a lot of things. In regular conflict, we have uniformed troops in uniformed vehicles facing each other in a combat area.

      Hackers could be state sponsored, an unemployed or disgruntled worker, a member of a crime syndicate, or just someone freelancing. No uniforms (usually 🙂 ) and the attack could come from any location in the world, and at any time.

      This does change everything, and unless all hackers start to wear “I am a dangerous Hacker” armbands, America has to figure out and get some policy in black and white on how we are going to respond.

  3. To all the above commenters: blogs can be much better to read if you can keep your comments simple and to the point. No one likes to read giant comments when the concept can be conveyed using a not as long comment.
