A new report titled “Cyberwarfare and Cyberterrorism: The Need for a New U.S. Strategic Approach,” authored by retired Gen. Eugene Habiger of the U.S. Air Force, concludes that that the public and private sector must deploy secure systems that are properly tested and certified to withstand sophisticated cyberattacks.
In addition, the government must ensure that the privately-owned critical infrastructure systems are secured, as well as coordinate a public awareness campaign to promote personal cybersecurity, such as the use of stronger passwords.
"The government, in my view, needs to take the lead to get this issue on the front burner," Habiger, the former commander-in-chief of the U.S. Strategic Command, told SCMagazineUS.com on Monday. "Right now, it's on the back burner."
Habiger added that he hopes the report fosters a sense of urgency among those in government and the public sector regarding the significance of cybersecurity and cyberterrorism.“We, as a country, have been worrying about this for 12 years and there has been no real action,” Habiger said. "It's time for action.”
He said that while deploying secure systems is necessary, it won't be easy or cheap.
“However, it wasn't easy or inexpensive to land a man on the moon, but that didn't stop our nation,” he wrote in the report.
Rob Housman, executive director of the Cyber Secure Institute, told SCMagazineUS.com on Monday that hopes Habiger's report resonates with decision-makers.
“This should be on the desk of every policy-maker,” Housman said. “It's such a critical issue, and while we are hunting for a national security paradigm to deal with it, Gen. Habiger has provided that.”
Housman added there currently are technologies available that are "inherently secure" and capable of defeating sophisticated attacks.
In addition, the report states that deterrence and pre-emptive strikes to eliminate "clear and present danger" — two components of America's national security strategy — should not be relied on to defend the nation against cyberthreats. For deterrence to work, for example, attackers must have an idea of what actions will trigger retaliation. Most cyberattacks, however, leave no trace.“These rotary phone-era strategies are not well suited for today's digital world,” the report states.
A separate report issued in October also puts cyberdeterrence into question. That report, "Cyberdeterrence and Cyberwar,” prepared by nonprofit research group RAND Corp. and commissioned by the U.S. Air Force, concluded that cyberwar presents unique challenges that hinder cyberdeterrence, such as the difficulty of knowing who attackers are, what damages they caused, and if they can repeat the attack.
