As the U.S. government faces cyber attack, 'there's no playbook' for fighting back

Nice nations don't retaliate, but the more hackers steal, the harder it is to maintain that stance.

WASHINGTON—Fight back, critics argue, as the U.S. government faces increasing cyber attacks, with rival nations as the most likely suspects. A passive approach by the U.S. government only emboldens perpetrators—draw a red line, they urge. Most recently, the massive Office of Personnel Management breach has inspired calls for a decisive response.

On the other side, some experts warn that retaliation, in any form, would be shortsighted, simplistic, and unrealistic, potentially undermining America’s interests. The rules of engagement, even informal guidelines, have yet to be written, they say.

The OPM, which handles security clearance for federal government employees, discovered in June that the agency had been hacked. The latest figures reveal that the records of 22 million workers were compromised.

Facing an unknown enemy

Those advocating hacking back say the OPM breach should have been the final straw. But where to strike? The Obama administration has not openly accused anyone—neither an individual or group of individuals, nor a government—of being behind the OPM cyber attack.

Robert Knake, former head of cybersecurity policy at the National Security Council, said those advocating for hacking back are overreacting.

“It’s bad. But it’s not devastating,” said Knake of the confidential data exposed by the breach. “The reason it’s not devastating is that we know about it.”

Speaking at a recent Atlantic Council panel debating the consequences of cyber revenge, Knake said identifying the breach offers the opportunity to mitigate the damage. Once armed with this knowledge, the government can use the hack to its advantage, he argued.

For example, in the event that a nation uses information gleaned from the breach to identify Americans involved in sensitive activities, Knake said the U.S. could respond with misdirection by changing personnel.

Cold-War spying had rules of engagement, but they have yet to be written for the new world of cyber attacks and cyber espionage.

Knake said the leaking of classified National Security Agency information by NSA contractor Edward Snowden changed the norms in cyberspace, making cyber spying an open secret. “We are in the post-Snowden period where the whole world knows the U.S. engages in this kind of [surveillance] activity,” said Knake. Despite vociferous protest from spied-upon allies, the U.S. did not shut down its programs, Knake pointed out. “We got through all those disclosures without … Angela Merkel or anyone else declaring that it was an act of war.”

Fighting cyber espionage requires a different skillset than defending against pre-Internet, traditional Cold War espionage, said Austin Berglas, former head of the FBI’s New York Cyber Branch. “Whatever country is trying to steal our state secrets or international property doesn’t have to have a physical body. They can do it from their own home. There is a cloak of anonymity that people can hide behind to deny the actions.”

Unlike the Cold War, when the adversary was clear, there are many more nations engaged in cyber espionage. China, Russia, North Korea and Iran have all been suspected as culprits.

Jason Healey, senior fellow at the Atlantic Council’s Cyber Statecraft Initiative, said that in the Cold War, there was a set of unwritten “Moscow rules” illuminating red lines that would not be crossed.

Cyber espionage is an open secret now

“It wasn’t a treaty, but there was this sense of where each side could go and if they overstep that, then there might be repercussions,” Healey said at the August 19 panel discussion. “We would never kill a Russian. They will never kill an American spy.”

In contrast, Healey said no set of unifying standards exists for resolving cyber espionage conflicts.

“We have had some cyber espionage cases going back to 1986 where the KGB was spying,” said Healey.

In a telephone interview, Daniel Garrie, founder and editor in chief of the Journal of Law and Cyber Warfare, said countries’ varying attitudes towards cyber warfare make it harder to establish standards between the U.S. and other countries.

“Not only is there no playbook for countries and companies looking to respond to a cyberattack,” said Garrie, “but there are arguably a hundred different playbooks, for each country, making the appropriate and permissible response all the more challenging.”

In some countries, Garrie said, hacking is “not per-se illegal and it is certainly not taboo or shameful.” On the contrary, Garrie continued, “it appears in some countries that such activity is encouraged.”

No matter how sweet it seems, revenge remains an option the U.S. government doesn’t openly engage in. While it’s tempting to fight back against perpetrators aggressively, a tit-for-tat approach risks creating more problems than it would solve.

Stories by Kulwant Saluja
