Cyber security: We need a better plan to deter hacker attacks says US:

The US needs to fundamentally rethink its strategies for stopping cyber attacks and should develop a tailored approach to deterring each of its key adversaries, according to a new government report.

The report published by the US State Department - like a recent paper on botnets - comes in response to an executive order signed by President Donald Trump last year, which called for a report "on the nation's strategic options for deterring adversaries and better protecting the American people from cyber threats."

The report said that while the US has become dependent upon sophisticated networked information systems, its rivals have been learning to exploit that dependence to "steal from Americans, disrupt their lives, and create insecurity domestically and instability internationally."

The cyber threat posed by rival states - and by Russia, China, Iran and North Korea in particular - is often alluded to by intelligence agencies, but the US and its allies have struggled to find a way to deter these cyber intrusions.

The unclassified cyber-deterrence overview published by the State Department doesn't mention particular countries, but said that strategies for deterring malicious cyber activities "require a fundamental rethinking". The report said that the US has made efforts to promote a framework for "responsible state behaviour in cyberspace", but noted that this has not stopped state-sponsored cyber incidents.

"The United States and its likeminded partners must be able to deter destabilizing state conduct in cyberspace," the State Department warned.

Of course, the US has plenty of military muscle should it come to full-on cyberwarfare, but it's much harder to tackle cyber attacks that don't necessarily deserve an armed response - which make up the majority of attacks.

The report said the US should develop a broader menu of consequences that it can impose following a significant cyber incident. The US should also take steps to make it easier to prove who is behind cyber attacks, it said.

Another big problem is the poor state of cyber security. "Efforts to deter state and non-state actors alike are also hindered by the fact that, despite significant public and private investments in cybersecurity, finding and exploiting cyber vulnerabilities remains relatively easy," the report said.

"Credibly demonstrating that the United States is capable of imposing significant costs on those who carry out such activities is indispensable to maintaining and strengthening deterrence," the report added.

According to the State Department, the three key elements of cyber deterrence should include:

(Via Latest Topic for ZDNet in security)

Curious what your take is on this, Dear Friends.

I'm not sure how the State Department, the U.S. government's diplomats, think that this kind of response is workable diplomatically. Maybe it is in the report, which I have yet to read. But who needs context to respond?



My original entry is here: Cyber security: We need a better plan to deter hacker attacks says US. It posted Tue, 05 Jun 2018 14:55:26 +0000.

Filed under: business,