[Infowarrior] - Tone Down the Cyberwarfare Rhetoric, Expert Urges Congress

Thu Mar 21 06:54:50 CDT 2013

(Agree COMPLETELY! ---rick)

Tone Down the Cyberwarfare Rhetoric, Expert Urges Congress

	• By Kim Zetter
	• 03.20.13
	• 6:36 PM

http://www.wired.com/threatlevel/2013/03/tone-down-cyberwar-rhetoric/

As the nation spent this week pondering the wisdom of its decision to invade Iraq a decade ago, a witness urged Congress on Wednesday to consider more carefully how the United States will respond to a cyber 9/11 should one occur and to weigh carefully the use of strong statements that could force the nation to respond forcefully to a cyberattack, whether doing so is wise or not.

Referring to last week’s announcement by the U.S. director of national intelligence that cyberattacks were the biggest threat the nation faced, Martin Libicki, senior management scientist at the RAND Corporation, told the House Homeland Security Committee that making strong statements about cyberattacks “tends to compel the United States to respond vigorously should any such cyberattack occur, or even merely when the possible precursors to a potential cyberattack have been identified. Having created a demand among the public to do something, the government is then committed to doing something even when doing little or nothing is called for.”

Put in perspective, cyber attacks might disrupt life, but they cannot be used to occupy another nation’s capital or force regime change. No one has yet died from a cyberattack either, he noted. Therefore, a cyberattack in and of itself, “does not demand an immediate response to safeguard national security,” Libicki said during a hearing on cyberthreats against critical infrastructure from China, Russia and Iran.

In order to avoid a rash decision in the wake of an attack, he said the nation needs to exert now as much effort worrying about how to respond to such an attack as it spends worrying and warning that such an attack will occur.

“[W]e are right to be worried about a ’9/11 in cyberspace,’ but we also ought to worry about what a ’9/12 in cyberspace’ would look like,” he said.

The government should take the time to carefully consider the risks and consequences that a strong reaction to a cyber attack will produce and weigh them carefully against alternatives that could be more effective and cost less in the long run, such as downplaying the damages or disruptive effects of an enemy attack or simply “fixing or forgoing software or network connections whose vulnerabilities permitted cyber-attacks in the first place.”

By wailing about the damages of an attack in order to drum up outrage, we’re inviting more attacks, Libicki suggested.

“The more emphasis on the pain from a cyberattack, the greater the temptation to others to induce such pain — either to put fear into this country or goad it into a reaction that rebounds to their benefit. Conversely, fostering the impression that a great country can bear the pain of cyberattacks, keep calm, and carry on reduces such temptation,” he said. Even though there might be good arguments in favor of “drawing red lines for deterrence purposes — ‘if you do this, I will surely do that’ — … if deterrence fails, such a declaration tends to constrain one into carrying out retaliation.”

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.