book

The National Academies Have just released a report titled “Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities” at 1pm EST April 29, 2009. The short description from their site is:

“Cyberattack refers to deliberate actions to alter, disrupt, deceive, degrade, or destroy computer systems or networks or the information and/or programs resident in or transiting these systems or networks. This report focuses on the use of cyberattack as an instrument of U.S. national policy.”

Essentially this is a guidance document for policy makers on the area of computer network attack (CNA) as a means of offensive capabilities.

I have heard several high level officials recently stating that we need to develop our offensive capabilities since cyber warfare is asymmetric, which by definition means that the offensive side is favored. I’ve also heard a lot of nuclear analogies like mutually assured destruction, deterrence, first strike, and proliferation, which can be hit or miss. This report is the most comprehensive policy report that I’ve seen to date on this topic, weighing in at a stout 300+ pages. Of particular interest to me is the inclusion of a legal and ethical perspective. I’m going to a presentation tomorrow night at the Harvard Belfer Center titled “Cyberattacks Through the Lens of International Law” that will discuss this topic at length.

I expect that I’ll have much more to say about this when I read it more thoroughly. At first glance the key findings are inline with what I’ve heard in various places, although it seems to be much more comprehensive and substantiated than others I’ve seen.