“Offensive Cyberwar”
How to Protect the United States
Richard Clarke provides an excellent assessment of the measures needed to protect the United States during cyberwar and asserts specific measures the Federal government can take in order to effectively respond to attacks from other nations. While the author underscores the importance of tactics within the realm of offensive cyberwar, it is also important to note that defensive cybersecurity is also important during the early stages of attack. Since there is no international peace treaty preventing nations from engaging in cyberwar by initiating the first strike, it would be safe to assert that state and non-state actors would most likely be the cybercriminals who would launch the first attack against the United States and its critical infrastructure. For this reason, the U.S. implementing policies and strategies for protecting networks and critical infrastructures, as well as the specific procedures for responding to attacks, remains a necessary component of the overall national security strategy for protecting the homeland and American interest abroad. Therefore, it may be necessary for the Department of Homeland Security to respond to attacks taking place within the United States, and also work in combination with the Department of Defense Cyber Command division in order to help devise a response strategy for attacking other nations internationally. Even though defensive cybersecurity is an important step to uphold networks and critical infrastructures, the offensive cybersecurity is what allows the Federal government to deter other nations from engaging in cyberattacks on American resources. In a potential best case scenario, the United States would identify and provide resources to eliminate threat agents and patch networks after a cyberattack and then quickly change its focus to engaging in effective strategies for offensive cyberwar against other nations.
Potential Cyberwar
Clarke asserts that a cyberwar with Russia or China would most likely occur in the future due to these nations possessing extensive offensive cyberwar capabilities. In previous chapters, the author described the United States as being the nation that is most dependent on the internet and networked devices, thereby making it the most vulnerable to attacks from other nations. Since the U.S. has such great dependence on these technologies, Clarke believes this should be a motivating factor in the nation developing its offensive cyberwar strategies in case of a conflict occurring with Russia, China or any other nation. The author asserts that he has been involved in many security exercises during his time working for the Federal government, dating back to the Cold War. Clarke finds it extraordinarily useful for cybersecurity professionals to engage in security exercises to help them devise offensive cyberwar strategy. In chapter six, Clarke creates a scenario in which the United States is engaging in cyberwar with China over the next few years; he calls it ‘Exercise South China Sea’. During this theoretical scenario, the United States has done very little to increase its cyber defenses and China has become slightly more dependent on the internet. The scenario describes China as a very difficult adversary during cyberwar, as the country has control over all the networks and could monitor and block any traffic coming from an outside nation. This creates a small window in which the DOD can actually implement cyberwar tactics against China. Clarke asserts that the United States could have a difficult time in the theoretical cyberwar because it would be easier for China to attack the United States than vice versa.
Offensive Cyberwar
Clarke asserts specific offensive cyberwar measures that need to take place during the theoretical scenario in order to effectively respond against cyberattack. The first procedure would be to use cyberwar to dissuade the Chinese government from acting militarily over the contested waters. If that should fail, then the U.S. should reduce as much as possible the Chinese government’s ability to pose a risk to the nation and its allied forces. Third, would be the implementation of strategy that reduces China’s ability to project force during cyberwar. Fourth, gain access to critical infrastructure within China in order to deter the nation from further attack and cause its population to question its cyberwar strategy. Fifth, Cyber Command should work in collaboration with other Federal government agencies in order to prevent the Chinese government or Chinese-inspired attacks on the U.S. military or critical infrastructure.
Strategy
Developing exercises to examine the United States’ role in engaging offensive cyberwar is an excellent strategy for cybersecurity professionals to implement in order to protect their networks and critical infrastructures. After conducting the exercise it becomes apparent that Cyber Command needs to react swiftly to cyberattack and implement strategies that promote the national security of the United States. These exercises represent great supporting evidence for Clarke during chapter six and seven as he builds the case for international cyber peace treaties within nations. One of the most challenging components of the offensive cyberwar strategy is that the United States will always need to react to initial cyberattacks by state and non-state actors before it can engage in offensive cyberwar strategies. It appears that it is to Cyber Command’s advantage to implement offensive cyberwar tactics early during its engagement with other nations in order to strike before an adversary like China can inspect packets or remove outside traffic from reaching networks. Conducting a theoretical examination of the United States’ offensive cyberwar capabilities is a proven strategy according to Clarke, who benefited from these exercises when developing a response to the attacks on 9/11. In the best case scenario, Cyber Command can use its offensive cyberwar tactics to deter nations from further attacks early during military tensions, and implement strategies for controlling an adversary’s critical infrastructure should cyberwar continue to escalate without deterrence. Due to the interdependent nature of the 16 critical infrastructures within the United States, establishing policies and strategies for handling a potential cyberwar can help mitigate potential damages to Cis that could have a direct impact on population’s ability to access communication networks, financial data, transportation and other critical resources within the country.