[ISN] RSA - US cyber counterattack: Bomb one way or the other

From: InfoSec News (alerts@private)
Date: Sun Feb 11 2007 - 22:38:29 PST


By Ellen Messmer
9 februari 2007

If the United States found itself under a major cyberattack aimed at 
undermining the nation's critical information infrastructure, the 
Department of Defense is prepared, based on the authority of the 
president, to launch a cyber counterattack or an actual bombing of an 
attack source.

The primary group responsible for analyzing the need for any cyber 
counterstrike is the National Cyber Response Coordination Group (NCRCG). 
The three key members of the NCRCG, who hail from the US-CERT 
computer-readiness team, the Department of Justice and the Defense 
Department, this week described how they would seek to coordinate a 
national response in the event of a major cyber-event from a known 

This week's massive but unsuccessful denial-of-service (DoS) attack on 
the Internet's root DNS, which targeted military and other networks, did 
not rise to the level of requiring response, but made the possibility of 
a massive Internet collapse more real than theoretical. Had the attack 
been successful there may have been a cyber counterstrike from the 
United States, said Mark Hall, director of the international information 
assurance program for the Defense Department and the Defense Department 
co-chair to the NCRCG, who spoke on the topic of cyber-response during 
the RSA Conference in San Francisco.

We have to be able to respond, Hall said. We need to be in a coordinated 

He noted that the Defense Department networks, subject to millions of 
probes each day, has the biggest target on its back.

But a smooth cyber-response remains a work in progress. The NCRCG's 
three co-chairs acknowledge it's not simple coordinating communications 
and information-gathering across government and industry even in the 
best of circumstances, much less if a significant portion of the 
Internet or traditional voice communications were suddenly struck down. 
But they asserted the NCRCG is ready to stand up? to confront a 
catastrophic cyber-event to defend the country.

We're working with key vendors to bring the right talent together for a 
mitigation strategy, said Jerry Dixon, deputy director for operations 
for the National Cyber Security Division at US-CERT. We recognize much 
infrastructure is operated by the private sector. The U.S. government 
has conducted cyber war games in its CyberStorm exercise last year and 
is planning a second one.

The third NCRCG co-chair, Christopher Painter, principal deputy chief at 
the Justice Department, said the cyber-response group also seeks to 
communicate with 50 countries around the world where monitoring for 
massive cybersecurity events go on as well. Some of them have some of 
the same communications issues we have here, he noted.

The Department of Homeland Security?s National Response Plan calls for 
coordination with a number of agencies, including the Department of 
Treasury, when the decision for a national response is made. So far, 
there has been no major cybersecurity event against the United States 
that has prompted the need for a national response.

The massive DoS attack attempt against the Internet's root-servers this 
week, which specifically targeted military networks, raises the question 
whether the United States would ever respond with a counterattack.

It's the President's call, said Hall said, pointing out the 
recommendation for a counterattack would be passed to the chief 
executive via the U.S. Strategic Command in Omaha.

In the event of a massive cyberattack against the country that was 
perceived as originating from a foreign source, the United States would 
consider launching a counterattack or bombing the source of the 
cyberattack, Hall said. But he noted the preferred route would be 
warning the source to shut down the attack before a military response.

All the military services are preparing for military cyber-response, 
Hall pointed out.

Jim Collins, R&D engineer at the Air Force Information Operations 
Center, who also spoke on the need for network defense at a session at 
the RSA Conference, said the Air Force is also gearing up for an 
offensive cyber capability.

The Air Force hasn't just been standing by, he said, noting that in 
November, the Air Force added the mission to fight in cyberspace by 
creating a new Cyber Command.

We're standing up cyber-fighters to do network warfare, Collins said. 
Where we had pilots before, we?ll have fighters in cyberspace.

Subscribe to the InfoSec News RSS Feed

This archive was generated by hypermail 2.1.3 : Sun Feb 11 2007 - 22:48:16 PST