Saturday, August 1, 2015

cyber retaliation

There's a fight brewing in the Obama Administration over what retaliatory actions to take in response to the hacking that stole personal information about current and former U.S. government employees from the Office of Personnel Management. According to David Sanger  of the New York Times, the administration is determined to do something, but hasn't decided what.

It's stupid to send a message like that, warning the Chinese and making America look weak unless it achieves a major and braggable outcome.

Our highest priority should be to improve our computer defenses, not play offensive games we might lose. And the blame goes far beyond OPM. As Ben Wittes pointed out, the FBI, National Security Agency, and Department of Homeland Security all have legal authority and responsibility to protect government computers -- so they failed as well as OPM.

I have long been worried about the macho mentality that favors cyber offense over defense. We spend several times as much on developing offensive capabilities as defensive ones. That leads us down the slippery slope toward unrestrained cyber warfare when we should be working to find international norms.

If in fact Chinese officials pulled off the OPM hack, they get gold stars for espionage, and it's far from clear that any retaliation would really deter future efforts.

No comments:

Post a Comment