Does U.S. Truly Want Cyber Peace?
Getting Warren Buffett on Board to Promote Cybersecurity
The United States government does not want peace in cyberspace, contends cyber-conflict historian Jason Healey, a former White House cyber infrastructure protection director.
"We like the fact that it is a Wild West because it lets us do more attack and exploitation," says the director of the cyber statecraft initiative at the Atlantic Council, a defense think tank.
In an interview with Information Security Media Group, conducted last week at the Black Hat USA security conference in Las Vegas, where Healey presented his ideas in a session titled Saving Cyberspace, he also discusses:
- Getting stockholders to use their influence to push top executives and board members to toughen their enterprises' cybersecurity. "If I were advising the president, and this is a little tongue-in-cheek, I'd get Warren Buffett on board."
- Defining the national Internet policy to emphasize the economic benefits it brings. "Internet is the actual engine of the U.S. economy; it is the engine, frankly, of our civilization increasingly. And, you know, in Washington, D.C., our conversation is about whether cyber is the domain of warfare [and] it's a global commons. We've got to completely separate it from this militarized policy that cyber is now something different than Internet policy. And ... cyber is winning at the expense of Internet policy."
- The uphill challenges facing cyber defenders in preventing more damaging attacks. "It's getting ever-more complex; the offense has had the advantage for over 35 years. Everything I have heard so far at Black Hat is that that trend is only getting worse."
Militarizing Cybersecurity
Healey says the United States has been taking nearly every negative trend that it dislikes on the Internet and exploiting it.
"Espionage, spying, militarizing, using cyber-capabilities -- we've been leading all that effort," says Healey, editor of A Fierce Domain: Conflict in Cyberspace, 1986 to 2012, published last year by the Cyber Conflict Studies Association. "We've gotten ourselves in a place where now that's the primary priority, even if we don't mean it to be, the direction the money is flowing, the direction of the power, the direction of the bureaucratic oomph."
Healey contends the United States government has three sets of Internet-related policies, embodied by 1) the National Security Agency and United States Cyber Command, both Defense Department units based in Fort Meade, Md., and focused on defending military systems; 2) the Commerce Department, concentrated on wide-band Internet access and ICANN, which governs Internet domains worldwide; and 3) the State Department, dealing with Internet freedom. And, he says, that's three too many.
"If you have three sets of priorities, you can't play them against one another. And where they compete, it makes it difficult to say here's the one that should be the real priority," he says. "So, we let the NSA priorities, the Fort Meade, the military priorities, intelligence priorities dominate. If you talk about national security in cyber, in Washington, D.C., you don't mean the future prosperity of the American economy, upon which we are completely dependent; you mean more computer network attack and exploitation in an increasing degree and tone."
In an interview last year with ISMG, Healey expressed concerns about the United States overreacting to alleged Iranian DDoS attacks by responding with Stuxnet-like assaults [see Confronting Iran as a Cyber-Adversary].
Healey also co-authored the book Cybersecurity Policy Guidebook, published by Wiley. As director for cyber infrastructure protection at the White House from 2003 to 2005, he coordinated efforts to secure American cyberspace and critical infrastructure.