A global cyber arms race is engulfing the Internet and the best way to counter the rapidly escalating threat is combining the efforts of U.S. agencies, private firms and international allies, cyber security officials said on Tuesday.
Cyber experts from across the U.S. government, speaking at a conference at Georgetown University, said organized crime, espionage and security activity on the Internet pose a rising threat to U.S. intellectual property, military superiority and critical infrastructure.
“What we’re looking at is a global cyber arms race,” said Rear Admiral Samuel Cox, director of intelligence at U.S. Cyber Command, which was set up 18 months ago to protect Pentagon computer networks and conduct offensive cyber operations if the president orders them.
“It’s not proceeding at a leisurely or even a linear fashion but in fact is accelerating. I wouldn’t claim that it’s following Moore’s law, but the curve looks kind of similar,” he said, referring to a computer industry rule of thumb that computer processing power doubles every couple of years.
Howard Schmidt, cyber security coordinator at the White House, said more than $8 trillion worth of transactions were carried over wired and wireless networks each year.
“This is not just a national security issue,” he told the conference. “It’s a national security, public safety as well as economic.”
Officials said the most effective way to counter the threat is to adopt an approach that promotes collaboration among government agencies and reaches out to private industry as well as international partners.
“To really operate effectively in cyberspace … it’s really a team sport,” said Steven Schleien, the principal director for cyber policy at the Pentagon.
That’s why the Defense Department has been working with private companies and allies like NATO, Japan and South Korea to discuss information sharing and coordinated responses to incidents on the Internet, he said.
NATO wants to bring all of the civilian and military networks in the organization under the wing of the NATO Computer Incident Response Capability by the end of 2012, which would allow a coordinated response to cyber attacks.
The United States has begun discussions on cyber security with Japan, South Korea and New Zealand, and is working closely with the Britain and Australia on a “full spectrum” of cooperation in cyberspace, Schleien said.
The United States does not view arms control treaties as a means of dealing with the problem but would like to see the international community agree on norms of behavior for cyberspace, he said.
“This is not an area where arms control works. I don’t know what we would monitor. I don’t know how we would verify anything in terms of cyber weapons or cyber tools,” Schleien said.
Discussions on norms of behavior would begin to address the issue of how to fight proxies who carry out Internet attacks on behalf of governments, and “hactivists,” who attack computer networks for their own political ends.
“How do you deal with hactivists from your soil?” Schleien asked. “Are you responsible as a sovereign nation for what comes out of your country?”
The issues are sensitive and complex. A U.S. nonprofit group, for example, concluded Russian civilians acting with advance notice of Russian military intentions carried out cyber attacks in the 2008 Russia-Georgia conflict.
Some websites used to organize those attacks were hosted in the United States.