Why The U.S. Needs A Strategy For Fighting Cyberwars

michael chertoff

The U.S. needs to develop a doctrine to deal with the growing threat of cyberattacks in both the public and private sector, former Secretary of Homeland Security Michael Chertoff said today.

Speaking at a New York luncheon hosted by Big Data analytics company Opera Solutions, Chertoff said the U.S. needs a set of principles to deal with the 21st century security landscape that includes both physical and cyber threats from an array of actors, including states, terrorists, hacktivists, and “teenagers on a joy ride.”

Recent cyber attacks against Lockheed Martin, Nasdaq, and the CIA and U.S. Senate websites have raised public awareness about cyber threats, but Chertoff argues that these network hacks are only the tip of the iceberg. A more terrifying scenario, he said, would be a cyber attack that targets the network’s operating system or compromises supply chain for sensitive information system hardware and software with contaminated chips.

A new cyber-doctrine requires a fresh look at the way the U.S. collects, mines and analyses information. The U.S. government — and particularly the intelligence community — have traditionally given disproportionate focus to secret information. The military, intelligence and law enforcement agencies and the military have not yet started to use the massive amount of data and intelligence that is readily available on open-source networks.

If the government can find a way to couple that information with its high-level expertise and sophisticated analytic tools, it would be possible to see trends and potential red flags that aren’t included in intelligence reports, Chertoff said. The Arab Spring revolutions, for example, might have been possible to predict if the U.S. had been looking in the right places.

Public and private partnerships are essential to sharing information and data that could thwart a cyber attack, Chertoff added. Given the possible scope of a cyberterrorism, “interdependence is critical,” he said, but outdated regulations and legal barriers hamper public-private collaborations and impede the government’s ability to mine open-source data.

“Lawyers get really risk-averse — it’s a very frustrating process for everybody,” Chertoff told reporters after the lunch. “We ought to take a fresh look at these regulations to align with the current architecture of our systems, instead of treating it as if every regulation is holy writ.”

Click here to see the biggest hacking attacks of 2011 >

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.