Should MAD Make its Way Into the National Cyber-Security Strategy?

Monday, May 25, 2015

Brent Huston

E313765e3bec84b2852c1c758f7244b6

Arguably, Mutually Assured Destruction (MAD) has kept us safe from nuclear holocaust for more than half a century. Although we have been on the brink of nuclear war more than once and the Doomsday clock currently has us at three minutes ‘til midnight, nobody ever seems ready to actually push the button – and there have been some shaky fingers indeed on those buttons! 

Today, the Sword of Damocles hanging over our heads isn’t just the threat of nuclear annihilation; now we have to include the very real threat of cyber Armageddon. Imagine hundreds of coordinated cyber-attackers using dozens of zero-day exploits and other attack mechanisms all at once. The consequences could be staggering! GPS systems failing, power outages popping up, banking software failing, ICS systems going haywire, distributed denial of service attacks on hundreds of web sites, contradictory commands everywhere, bogus information popping up and web-based communications failures could be just a handful of the likely consequences. The populous would be hysterical! 

So, keeping these factors in mind, shouldn’t we be working diligently on developing a cyber-MAD capability to protect ourselves from this very real threat vector? It has a proven track record and we already have decades of experience in running, controlling and protecting such a system. That would ease the public’s very justifiable fear of creating a Frankenstein that may be misused to destroy ourselves.

Plus think of the security implications of developing cyber-MAD. So far in America there are no national cyber-security laws, and the current security mechanisms used in the country are varied and less than effective at best. Creating cyber-war capabilities would teach us lessons we can learn no other way. To the extent we become the masters of subverting and destroying cyber-systems, we would reciprocally become the masters of protecting them. When it comes right down to it, I guess I truly believe in the old adage “the best defense is a good offense”.

Thanks to John Davis for this post.

This was cross-posted from the MSI State of Security blog. 

6559
Budgets Enterprise Security Policy Security Awareness Security Training
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked