I have been working with Mike Daniels on a new book about Network Solutions and the commercialization of the Internet. Our research has included interviewing many of the people who were instrumental in the development and commercialization of the Internet — from its beginnings within ARPA, up to the point that SAIC sold Network Solutions to VeriSign.
One of the topics that comes up over and over is Internet security, and the potential threat to our national security. It was therefore with much interest that I followed Defense Secretary Gates’ announcement last week of a new Cyber Defense Command within the Pentagon.
This is good news, as the new command will presumably centralize much of our nation’s efforts to defend against attacks on our critical information technology systems as a part of the U.S. Strategic Command in Omaha. This command is currently responsible for commanding operations in nuclear and computer warfare. The goal is to get the Cyber Defense Command up and running within a year and a half.
The commander will be the current director of the National Security Agency, Lt. Gen. Keith Alexander. According to Verisign, the company — which is the keeper of the Internet’s A server — is hit by more than 2 million hacker attacks a day. Cybercriminals and terrorists — some sanctioned by foreign governments — are on the rise. I think the new Cyber Defense Command will have its hands full.
I recently learned that Russia has proposed a new international treaty for cybersecurity. I was not surprised, however, to learn that the U.S. and Russia have different priorities when it comes to drafting the proposed treaty.
While the Russian administration argues that there should be an international treaty for cyberspace, much like previous treaties for the use of chemical weapons, the Obama administration has stated that such a treaty is unnecessary. Obama’s approach would be to improve cooperation among international law enforcement organizations.
I do not know exactly what a cyberspace treaty would cover and how it would be verified and enforced. According to one article I read about this topic, Russia proposes to ban countries from secretly embedding malicious codes or circuitry that could be later activated from afar in the event of war.
In my opinion, rogue nations would be unlikely to sign onto the treaty, and even those countries that did sign the treaty could likely launch cyberattacks in ways that could not be easily detected. I am curious why Russia is pushing for the treaty, especially since the country has been implicated in highly disruptive cyberattacks on Estonia and Georgia.
Is it possible the Russians hope to disarm their potential adversaries, while reserving the right to engage in cyberwar for themselves? For some reason, I am reminded of an old story about a large, wooden Trojan horse.