Homeland Security Experts Seek National Strategy on Beating Cyberattacks
The president needs to order the departments involved to develop a national strategy for dealing with cyberattacks, Michael Chertoff, a former Homeland Security secretary, said at a Bipartisan Policy Center briefing Monday. The challenge was raised by the Cyber ShockWave exercise (CD Feb. 17 p4), said Stewart Baker, a former assistant secretary for policy at Homeland Security. The plan should identify issues like authorities, capabilities, consequences and attributions, Chertoff said. And coordinating with other countries, especially those with advanced cybersecurity capabilities, is critical, he said.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
A major question that federal officials would face in a severe cyberattack is how much authority the federal government has to intervene in private networks, said Catherine Lotrionte, associate director of the Institute for Law, Science and Global Security at George Washington University. Baker advocated an aggressive government approach that would lean on network operators to shut down the affected parts of their networks. When there’s a cybercrisis, “we will rely on people who build and maintain the systems” to fix the problems, he said.
Identifying attackers is one of the hardest issues to deal with, Baker said. But finding information on servers responsible for the attacks is an important step to identify the nature of the attacks, Lotrionte said.
Another major takeaway from the Cyber ShockWave exercise is the importance of engaging asset owners, said David Batz, the manager of cyber and infrastructure security at the Edison Electric Institute. The owners have the motivation to protect their systems, he said. Information sharing between the government and the private sector is essential, but privacy is a major concern, he said. Interacting with the private sector is a hard problem, Chertoff acknowledged.