Cybersecurity: Washington DC is a World of Grey

Thursday, June 07, 2012

Joel Harding


We cannot attack another country as a result of a cyber attack unless the attribution is clear; we need proof. We cannot call anything a cyber attack because it is not clearly defined.

We do not have clear definitions of many issues in cyberspace, therefore we cannot act. 

This has been our mantra in the computer security world, the world of information security, of cyber warfare, of information assurance or… the list is exhaustive of what to call what we do. 

The fact is our US State Department cannot sign many treaties in cyberspace and we cannot establish a lot of cooperation because there is a lack of a definition or there is no established threshold for most of what we deal with. 

Part of that problem is that as soon as the ink dries, which is almost instantaneously, most of the conditions will change. More pings mean there is either more traffic or more noise, or it is an attack. As soon as we’ve decided, it changes. Everything must be black or white, 1s and 0s, off or on, up or down.

Washington DC and politics do not work that way. Every piece of legislation has a background, a nuance and/or a meaning – most of the time the public will never have a complete understanding of what the bill is all about. 

Backroom deals, backscratching, teaming, alliances, caucuses, committees, parties, friendships, history and unspoken meanings – they all impact every action by a politician. 

Freshman politicians are often accused of being naive, and perhaps they are, but they will quickly have things explained to them, and they will play the game or their political career will be that of a first-termer.

Someone questioned a cyber piece I wrote as being unduly politically biased and I agreed, much to his annoyance. When it comes to Washington DC, politics and politicians, cyber does not fit.

I suggest we consider alternatives to many of our 20th-century conveyances. Instead of definitions, we embrace Wiki-type definitions, which can change, and where all parties can add, change, delete or suggest alternatives.

Instead of set standards, we use 21st-century tools; instead of a set number, we can establish a dashboard on which all parties can suggest dynamic thresholds. We need to accommodate non-state actors in negotiations, laws and actions.

We need to embrace new tools for our new environment. Welcome to the 21st century.

Cross-posted from To Inform is to Influence
