Skip to content

Battling the Avalanche of Cyber-Attacks

March 23, 2013

Within the last month, both the European Commission and the White House have proposed new policies designed to halt the recent avalanche of cyber-attacks. While facing similar cyber threats, the two are planning very different ways in dealing with the problem. On the one side of the base camp stands the US; ready to get on the offense by blowing up the snow-covered mountaintop. On the other side stands Europe, building snow walls, hoping that the snow nets will be supportive enough to protect the valley against a disastrous avalanche. 

While the value of offensive cyber capabilities has been labeled as overrated, Europe is making a mistake by limiting itself to self-protection measures and by choosing not to cooperate more closely with the US’s CYBERCOMs offensive plans to charge the summit.

Pentagon’s Blowout Option

Last week, the Pentagon approved a major expansion of its offensive cyber-warfare force. During the State of the Union address, the US President and Nobel peace prize laureate announced that the US is ready to conduct offensive cyber operations against foreign adversaries. Sure, this could just be simple rhetoric. However, the growing interest of US offensive operations is bringing (lucrative) changes in the US cyber-security industry. On Monday, Stockholm International Peace Research Institute (SIPRI) released their annual “Top 100 Arms Sales” report, which places cyber security capabilities within the top 100 trendiest “must-haves” for this season.

Pentagon is also working on more lenient rules of engagement for the offensive cyber-warfare doctrine. General Keith Alexander whom heads both the Cyber Command and the National Security Agency has often called for greater flexibility in “taking the attack to the enemy”. With a budget of $3.4 billion for next year, the ‘flexibility’ is certainly there.

Since Europe lacks US’s “flexibility”, most of Brussels’ policy makers asks: Why climb up the mountain and conduct a preemptive blow if the snow is not causing any major harm? Well, for now at least.

Oh, Those European Safety Nets

On the European side of the mountain, the value of offensive capabilities seems overrated and unnecessary. In short, the European Commission only looks at offensive cyber-warfare as a supporting crutch out of many other tools used in war. For the EU, improving attribution of cyber-attacks is the higher priority – meaning finding out from where the avalanche typically starts at and why. (One hint is to look at that recently discovered Chinese P.L.A. “Unit 6139” whom are hacking at the ice cracks.) For Europe, getting caught is a deterrent strong enough which state actors do take seriously.

However, given that cyber-attacks can be launched from almost anywhere and using proxies, attribution will remain the most difficult capability to develop. Analyzing the contexts, motives, technological capabilities and with appropriate response within international law is another set of challenges. Finally, as skilled cyber-security experts is not an abundant commodity and whom governments typically do not carefully invest in, it will take years to develop skills to even cover the basic parts of the dangers lurking at the glacial mountain.

Getting Caught with your Fingers in the Cookie Jar

Besides the fear of getting caught with your fingers in the cookie jar, perhaps the EU’s greatest reluctance to cooperate with the US to develop a common offensive cyber-warfare doctrine is because of the US’s mentality that “offense beats defense” is not compatible with Europe’s pre-cautionary, “lets-follow-international-law” thinking. As Martin C. Libicki at RAND Corporation argues, there is no persuasive argument to develop an offensive weapon simply because a potential adversary has one. First, it is hard to know what others have. Second, the best response to an offensive cyber-attack is to fix the leaking holes in the safety net. In addition, neither China nor Russia has been particularly deterred by getting caught eating America’s and Europe’s cookies.

Hiking Up the Hill Together?

The question becomes what role an offensive cyber-warfare doctrine will play going forward and why Europe should join the US on the hike up the mountain to explore the blowout options. Perhaps both base camps can share their knowledge of how the mountain looks like form both sides; perhaps they could learn from each other’s experiences of past destructive avalanches; or perhaps even split the costs throughout the journey of developing a comprehensive offense doctrine.  Europe would be wise to join the US on their preemptive attempts to control the avalanche. For now Europe’s protective snow nets are letting through lots of ice and the avalanche rushing down uncontrollably is damaging crucial infrastructure in its path.


From → Uncategorized

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: