Until now, the Cyber Command has assumed a largely defensive posture, but in the spring the Defense Department opened the door to nearly daily raids on foreign networks, seeking to head off attacks.
The United States has the most fearsome cyberweaponry on the planet, but we won’t use it for fear of what will come next.
Source: Why Hackers Aren’t Afraid of Us
Unfortunately for the United States, it was executed by Russia.
Amid a crisis in U.S. cyber policy, a pair of reports on deterrence and international engagement offer recycled ideas.
What did the UK attorney general say about the principle of sovereignty in cyberspace and countermeasures as a self-help remedy to cyber-enabled breaches of international law?
Should such an organization even get off the ground, it would soon fall apart. But there are other paths to take.
If we truly want to understand cyber war, we need to do better than misapply analogies from past conflicts that do not fit the modern threat profile.
With his education credentials and experience the author can not be unaware of a few facts. May be he is biased towards hard deterrence and consequence driven action as a CT, WMD guy. He does not like State either, let alone Obama’s State.
He would have a point if any one was suggesting to institute only norms and do not have an escalation ladder but that is not the case. Norms can justify action. The law is not well developed in the area and as the international community struggles to agree on, or fit in the LOAC, norms will develop no matter what, and precede future laws rather then succeed them. The question is how much one can influence those norms. May be he is suggesting a negotiation stance strategy.
And since when did State veto capabilities for the NSA and Cybercom? Although network intrusion collection capabilities can be used for offensive purposes, discovery of cyber espionage tools are not de facto evidence of offensive intent and can mean the opposite. No norm or law will limit or apply to espionage operations anyways since the enabling authorities are, or are based on the law, which the State can object to beforehand at the cabinet level.
But if the Russians and other malign cyber actors are emplacing weapons on our critical infrastructure and we can’t discern or disable all of them, cyber norms will have the effect of limiting the United States, but not malign actors.
John Bolton’s approach to interdicting weapons of mass destruction might offer a useful model for promoting cybersecurity cooperation.