An unprecedented cyber security commission made up of a whos who of experts and policymakers (as well as a few top-secret members) will give attendees of Black Hat USA next week a peek at its progress thus far. The so-called Commission on Cyber Security for the 44th Presidency is working on policy, research, and technology recommendations for the next administration to combat cybercrime and cyber warfare.
Tom Kellermann, one of the commissioners who will sit on a special panel at Black Hat in Las Vegas next week, says the bottom line is that the U.S. is in a Cold War -- cold cyber war, that is -- with at least two nations, and that over 100 different countries have dedicated cyber attack groups. The reality is that our command and control and SCADA systems can now be directly impacted, says Kellermann, who is also vice president of security awareness at Core Security Technologies.
But this isnt just a national security threat issue, he says. This is an international and economic issue. There is an institutionalization of the threat in developing countries, much like there was with the drug cartels in the 1970s and 1980s.
We are losing this war, he says.
The nonpartisan commission, which was established by the Center for Strategic and International Studies (CSIS) and is co-chaired by Congressmen Jim Langevin (D-RI) and Michael McCaul (R-TX), Scott Charney, corporate vice president for Trustworthy Computing at Microsoft, and Retired Lieutenant General Harry D. Raduege Jr., will present a report to Congress within the next two months, providing specific recommendations for a comprehensive cyber security strategy in federal systems and in private critical infrastructures. Among the commissioners are Mary Ann Davidson of Oracle, John Stewart of Cisco, and former DHS assistant secretary for cybersecurity Amit Yoran.
The 44th Presidency Commissions goal is to provide a holistic perspective on the policy and technology issues surrounding the protection of critical infrastructures, Kellermann says. We want to focus on the long-term protection and the fight we are waging in cyberspace... from a national security lens, and from an economic security lens."
Kellermann says the commissions final report with a handful of recommendations -- due to be completed within six to eight weeks -- will go to both presidential candidates, as well as to the House and Senate. He couldnt disclose where some of the recommendations under consideration stand as of now, but he did say the commission is considering a doctrine of sorts that would define the basic rules of engagement for cyber war. It would delineate when and how the president should consider reacting in a cyber war situation, he says. Theres been some discussion of what this presidential playbook would look like.
The problem with battling in cyber war, he says, is how you determine if an attack was from an individual or if it was state-sponsored. And fighting back would entail incurring some internal damage: Even if we were to hit back, say with a distributed denial of service attack, for example, it would blow back on us because the enemy is so deeply in our systems already. But thats something for the Pentagon, NSA, and DOD to ultimately determine, he says.
So how do this commissions recommendations avoid the pitfalls of previous commissions and panels that get lost in the political crossfire? Kellermann says the key is for the U.S. to establish a national policy on cyber security. We need to have in the public eye that this is the greatest threat we face -- and its invisible. Its not just your computer going down, but your FICA account stolen, or your financial future being ripped out underneath you.
Kelly Jackson Higgins, Senior Editor, Dark Reading