6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Christopher Perr<br />
This command is the new U.S. Cyber Command and was announced in June of 2009. Before that the<br />
Air Force was hoping to form their own combatant command, but instead settled for a numbered<br />
command. The Navy and Army have their own units as well. With all these new units confusion<br />
regarding responsibility is inevitable.<br />
The mission of U.S. Cyber Command is:<br />
“...to coordinate computer-network defense and direct U.S. cyber attack operations (US<br />
military prepares for ‘cyber command, 2010).”<br />
Unfortunately, this new command with a somewhat clear mission did not seem to solve all of the ills<br />
that cyberspace has created. In January of 2010 the Pentagon attempted to respond to a simulated<br />
cyber attack.<br />
“The results were dispiriting. The enemy has all the advantages: stealth, anonymity, and<br />
unpredictability. No one could pinpoint the country from which the attack came, so there<br />
was no effective way to deter further damage by threatening retaliation. What’s more, the<br />
military commanders noted that they even lacked the military authority to respondespecially<br />
because it was never clear if the attack was an act of vandalism, an attempt at<br />
commercial theft, or a state-sponsored effort to cripple the United States, perhaps as a<br />
prelude to conventional war (Markoff, 2010).”<br />
As U.S. Cyber Command has not officially stood up yet it can only be hoped that the response to a<br />
cyber attack would improve after a governing body has been established. Unfortunately, this still<br />
leaves a third problem in our cyber strategy. What about the civilian side?<br />
In March of this year a graduate student in Liaoning, China named Wang Jianwei authored a paper<br />
titled “Cascade-Based Attack Vulnerability on the U.S. Power Grid.” The paper actually had nothing to<br />
do with attacking the U.S. power grid, but instead was a technical exercise with the goal of increasing<br />
security for networked power grids. The paper still created cries of outrage and questions as to who<br />
was in charge of our grids well-being. The interesting part to take note of is that Jianwei chose the<br />
U.S. power grid because it had the most information available on the inner workings of the network<br />
(Markoff, 2010).<br />
At the same time, according to Nielsen Online, in August of 2009 almost 75% of the United States<br />
was listed as ‘users of the internet’ (Miniwatts Marketing Group, 2009). You can imagine that ‘internet<br />
user’ includes lots of activities like banking, social networking, commerce, and business. Without even<br />
mentioning necessities like the power grid or other services, the e-commerce sector alone was worth<br />
more than $100 billion in 2007. You can see why the civilian sector would have a vested interest into<br />
the handling of cybersecurity. The concern is that the DoD will dominate the area of cybersecurity and<br />
the civilian side will be forced to submit to harsh and sometimes arbitrary regulation.<br />
The answer to the concerns raised about the DoD’s dominance of cyber security and operations? The<br />
Department of Homeland Security will eventually be receiving a Director for Cybersecurity, and<br />
currently has in place an Office of Cybersecurity and Communications. Their specific responsibility is<br />
listed below.<br />
“The Office of Cybersecurity and Communications (CS&C) is responsible for enhancing<br />
the security, resiliency, and reliability of the nation’s cyber and communications<br />
infrastructure. CS&C actively engages the public and private sectors as well as<br />
international partners to prepare for, prevent, and respond to catastrophic incidents that<br />
could degrade or overwhelm these strategic assets (Department of Homeland Security,<br />
2010).”<br />
As of right now it could be said that none of that is taking place. Recently, when Google first feared<br />
that their operation in China had been hacked, they turned to the NSA, not the Department of<br />
Homeland Security, to help sort out the problem (Markoff, 2010). Where is the communication and<br />
organization for who deals with what? This is without even mentioning that the FBI and the Secret<br />
Service both have units that work in cyber security. The FBI is now also responsible for investigating<br />
cyber crime on U.S. companies even though the attack may have occurred well outside our borders<br />
(FBI probes cyber attack on Citigroup, 2010).With the convoluted policies and rapid changes it is easy<br />
to see where one might be confused. There is no clear guide as to who responds, or how.<br />
Unfortunately, that does not bode well for the defense of the United States. The best that can be said<br />
210