Former Department of Homeland Security chief Michael Chertoff said combating groups like LulzSec and Anonymous poses a unique problem for law enforcement because "the big challenge is attribution." However, it's possible that the U.S. government could find itself in a cyberwar with a network.
Chertoff, speaking in New York at a lunch hosted by Opera Solutions, an analytics company, gave a talk largely on cybersecurity. He noted that the U.S. needs to form a cyberattack doctrine that outlines all the nuances of attacks and various degrees of response.
The hardest part--given the high-profile attacks from leaderless groups--is finding the right actors involved. "Do we respond if we don't know who had bad intent, but can locate the server that is a weapon against us? Do we take out the server in real life or cyberspace? There's not going to be a clear line and we may take that server out in physical and cyber domains."
The big question in dealing with hacktivists is finding the line where an attack moves from a law enforcement issue to an act of war. Chertoff said that the government would be reluctant to respond to someone "defacing a Web site or stealing data, even sensitive data." But, he added, a loss of life could turn an attack into an act of war.
One hypothetical scenario posed by Chertoff was an attack on air traffic control that led to the loss of life.
"We are at war with a terrorist network today so we can be at war with a network. When an attack moves from criminality to something that warrants a military response depends," he said. "This is going to be very fluid."
Chertoff's talk was notable because it opened the door to a point where a cyberattack could lead to a response to take out a server. Welcome to the new world.
Other key items from Chertoff:
- Analytics will play a key role in security as the never-ending flow of data will be utilized by both the private sector and government in cooperation.
- It's unclear whether the "huge rash of stories about cyberattacks" meant an "increased appetite for these types of intrusions" or just more attention paid to cybersecurity.
Chertoff said the government needs to create a doctrine on what would be an act of war in the event of a cyberattack. This doctrine would revolve around the following:
- Determining which attacks are most important and having degrees of response.
- We must consider the vector of attack. Network attacks are the most common, but the supply chain may be more important. The big issue, says Chertoff: "What we have to be concerned about is the supply chain. The ability to check every chip is not practical. How can we ensure ourselves that we have hardware and software we can trust? We do need to manage the risk."
- Dealing with all kinds of actors. What's the response against a hacktivist, a kid or a government?