Questioning US Policy on Cyberattacks

April 22, 2010

How can the United States prevent cyberattacks against its national and commercial interests? How feasible is the traditional concept of deterrence in the cyber realm, and what needs to be done to build an international regime to constrain cyberattacks? Institute Senior Fellow Sue E. Eckert is engaging these questions at Brown and in Washington.

At Brown, Eckert is hosting cybersecurity expert Herbert S. Lin, chief scientist for the National Research Council’s (NRC’s) Computer Science and Telecommunications Board, to give a talk on “Cyberattack as a Tool of US Policy?” on Friday, April 30. (A related event takes place on Thursday, April 29, when Computer Science Professor John Savage – currently on assignment to the US State Department – gives a talk at his department on “Cyberspace – Taming the Wild West.”)

Lin last year co-edited an NRC report on Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities, which says that “the current policy and legal framework regulating use of cyberattack by the United States is ill-formed, undeveloped, and highly uncertain.” The report calls for clear national policy regarding the use of cyberattack, developed through open debate within the US government and diplomatic discussion with other nations.

Last month, another NRC committee on which Eckert serves issued a separate paper on strategies for deterring cyberattacks. This Letter Report for the Committee on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy lays out a set of questions that need to be addressed to “drive research regarding ways of more effectively preventing, discouraging, and inhibiting hostile activity against important US information systems and networks.”