The US Department of Defense is working on new rules of engagement in cyberspace, that would allow it to act more quickly to protect the US’ interests in the event of a cyber attack.
“The new rules will make clear that the Department has a responsibility not only to defend DOD’s networks, but also to be prepared to defend the nation and our national interests against an attack in or through cyberspace,” said US defense secretary Leon Panetta in a speech yesterday. “These new rules will make the Department more agile and provide us with the ability to confront major threats quickly.”
Panetta claimed that the US has improved its ability to detect the origin of a cyber attacks, which he hopes will discourage such attacks. “Our cyber adversaries will be far less likely to hit us if they know we will be able to link them to the attack,” he said.
The DoD has also improved its ability to counter cyber attacks as they happen, he said. "The Department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace."
Still, the rules governing acceptable behaviour in cyberspace need to be clarified, Penetta said. The Cybersecurity Act of 2012 – which proposed cyber security information exchanges between public and private sector organisations, but which was opposed by privacy advocates as a "cyber surveillance bill in disguise" – "has fallen victim to legislative and political gridlock," Panetta said.
"That is unacceptable to me, and it should be unacceptable to anyone concerned with safeguarding our national security."
Panetta called for an executive order from the president to allow public-private information sharing processes. "We have no choice because the threat we face is already here. The president has a constitutional responsibility to defend the country.”
Speaking to a Business Executives for National Security meeting aboard the USS Interpid in New York, Panetta outlined some recent high-profile cyber attacks.
Discovered earlier this year, the Shamoon vrius appeared to target oil and gas companies. Saudi oil giant Aramco had to destroy 30,000 PCs infected with the virus, Penetta claimed.
“All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date,” Panetta said.