December 8, 2008
Panel urges better response to hackers
Cyberspace thieves and pirates who hack government computers should be vigorously combated across the entire US national security landscape according to a report issued by a panel on computer security.
In the last few years, lone hackers and/or sophisticated operations backed by unfriendly governments have been able to penetrate many sensitive networks in the Pentagon, FBI, and other agencies. The threat has become so great that an action plan has been proposed:
"Responding to a cyber attack is a tough issue," said James Lewis of the Center for Strategic and International Studies, a Washington-based think-tank that organized the commission. "Do operators respond with law enforcement, espionage or military actions? The guidelines are really unclear. The rules designed in the 1980s are slow, and the Internet is fast."
The proposals by the Commission on Cybersecurity for the 44th Presidency were being delivered to Capitol Hill during a period of increasing exasperation within the U.S. government over embarrassing computer break-ins at the Pentagon, White House, State Department, Commerce Department and elsewhere that have been traced in recent years across foreign borders, notably to Russia and China.
The report urges the Obama administration to make clear to America's enemies and allies how it will respond when it detects and traces such attacks, depending on whether break-ins are blamed on hackers, criminals or foreign governments. U.S. options could include trade or financial sanctions or military attacks.
"We have to have a solid cyber doctrine," said Jerry Dixon, former deputy director for the U.S. National Cyber Security Division at the Homeland Security Department. "When does a cyber attack rise to the occasion of requiring military action? Or maybe it's something that law enforcement or the intelligence community can deal with?"
Some of the proposals call for "Congress to pass new laws to allow for speedier investigations — and in some cases quicker retaliation once intruders are identified. It proposed online "data warrants," for example, rather than traditional search warrants, which it said "may be increasingly impracticable in the online environment."
The report will be delivered to Capitol Hill today.