[Infowarrior] - Cyber-equivalent of Monroe Doctrine

[Richard Forno]

http://lastwatchdog.com/cyber-equivalent-monroe-doctrine-needed-repel/


Cyber-equivalent of Monroe Doctrine needed to repel Internet attacks

   on Internet security by Byron Acohido
   March 10, 2009

   President Obama ought to invoke the cyber equivalent of the
   Monroe Doctrine to repel rising Internet attacks against
   America.

   So testified Oracle's tough-talking Chief Security Officer,
   Mary Ann Davidson, at a Congressional hearing today.

   History refresher: Back in 1823, President James Monroe
   decreed that any attempt to extend foreign political systems
   onto U.S. soil would be considered an act of aggression
   requiring U.S. intervention. Simple as that. Monroe sought to
   repel European imperialists bent on colonizing chunks of the
   tenuously-governed Americas.

   It worked. The Monroe Doctrine became a key tenet of U.S.
   foreign policy invoked by Calvin Coolidge, Herbert Hoover and
   John F. Kennedy.

   Substitute foreign cybercrime lords bent on colonizing U.S.
   computers and networks -- and the tenuous state of cyber
   defenses -- and the parallel is riveting

   "We are in a conflict, some would call it war," Davidson
   testified before the House Subcommittee on Emerging Threats,
   Cybersecurity, Science & Technology. "Let's call it what it
   is. Given the diversity of potentially hostile entities
   building cadres of cyberwarriors, probing our systems for
   weakness, infiltrating government networks and making similar
   attempts against businesses and critical industries,
   including our defense systems, is there any other conclusion
   to be reached?"

   A call to defend U.S `cyberturf `

   The hearing was held to get a mid-way status report of a
   60-day review of U.S. cybersecurity policy being conducted by
   management collaboration expert, Melissa Hathaway.

   "The advantages of invoking a Monroe-like Doctrine in
   cyberspace would be to put the world on notice that the US
   has cyberturf, and that we will defend our turf," Davidson
   testified. "We need to do both -- now."

   Davidson's call to arms was reinforced by testimony from
   David Powner, GAO's director of IT management issues; Scott
   Charney, Microsoft Vice President of Trustworthy Computing;
   Jim Lewis, director of the Center for Strategic and
   International Studies; and Amit Yoran CEO of security firm
   NetWitness.

   The experts delivered a wide range of proof points showing
   how the U.S.  citizens, businesses and governments have been
   under rising cyberattacks for several years.

   Yoran, a former senior official in the Department of Homeland
   Security, testified that the the U.S. has been "experiencing
   a 9/11 in cyber attacks" for a number of years. "Because
   there is no visible catastrophic outcome, we lie in bed at
   night asleep without realizing how much damage is being
   done."

   Underscoring this Last Watchdog investigation of corporate
   intrusions, the GAO's Powner noted that foreign nations and
   criminals are targeting organizations "to gain a competitive
   advantage and potentially disrupt or destroy them," and also
   pointed out "that terrorist groups have expressed a desire to
   use cyberattacks as a means to target the United States."

   Truly comprehensive plan needed

   The experts agreed that there is a dire need for a truly
   comprehensive cyber security plan - one that involves
   public/private partnerships and global cooperation.

   One of the top recommendations of the CSIS bi-partisan
   committee that spend more than a year culling cybersecurity
   ideas to deliver to the 44th president was a call for
   regulation. The private sector "will never deliver adequate
   security and the government must establish regulatory
   thresholds for critical infrastructure," testified Lewis,
   CSIS director and senior fellow.

   Charney, the Microsoft executive and a  co-chair of the CSIS
   bi-partisan committee, cautioned that regulation must be
   carefully "tailored."

   "Finding the required balance will be difficult," said
   Charney. "But if we fail to use regulation to improve our
   national cybersecurity, if we do not identify mandatory
   actions to secure the digital infrastructure, the Obama
   administration will have no more success than any of its
   predecessors."

   The experts also were unanimous about there being a singular
   entity best-suited to shaping and implementing such a plan:
   the White House.

   "Only the White House has the authority to bring many large
   and powerful agencies to follow a common agenda and to
   coordinate with each other," said Lewis. "The White House and
   only the White House can set strategy and policy, ensure that
   agencies are following them and resolve agency disputes."

   Beckstrom acknowledged

   Attending the hearing was Rod A. Beckstrom, who just resigned
   from a key cybersecurity post in the Department of Homeland
   Security.  Co-author of a best-selling management book, The
   Starfish and the Spider, Beckstrom could not escape
   smothering controls put on him by the National Security
   Agency.

   Rep. Bennie Thompson D-Miss., and Rep. Yvette Clarke D-New
   York, acknowledged Beckstrom. Clarke called Beckstrom's
   resignation "an unfortunate loss." Thompson made note of
   "ineffective leadership, unclear organizational structure and
   poorly defined roles" demonstrated by federal agencies and
   corporations trying futilely to put up a cyber defense.

   "I along with many of my colleagues were optimistic when Mr.
   Beckstrom was brought on to lead the National Cyber Security
   Center," said Thompson. "He has organizational expertise. He
   has worked extensively with the private sector. But Mr.
   Beckstrom did not have experience working miracles. "

   -Byron Acohido