RSA 2015 The US government must hone its offensive capabilities to electronically attack those who menace America's interests, said the White House's Cybersecurity Coordinator Michael Daniel, quickly adding global ground rules for cyber-war have to be worked out first.
On April 1, President Obama signed an executive order that would allow Uncle Sam to impose economic sanctions against people, or nation states, that threaten America. Daniel, who is the special assistant to the President on cybersecurity matters, told the RSA conference in San Francisco today that the US also needs ways to terminate enemies online.
"We need to have a larger toolset to go after what the bad guys are doing," he said.
"The bar for that is set deliberately high. You've got to be posing a significant risk to the national security, the foreign policy, and the economic health of the US, and the disruptions you are causing have to reach a significant level. This is not a tool that's going to be used on a daily basis for ordinary criminals, but to allow us to go after the worst of the worst."
Ultimately, there is only so much the government can do on its own. Daniel highlighted ways in which industries have pooled information to improve their products. He cited Underwriters Laboratories, an electrical goods safety testing center set up by the insurance industry to test household products, saying something similar could work for the technology industry – an organization that collects up top tips and intelligence.
Part of that will require information sharing between government and industry, and Daniel said that Congress is progressing well on laws that would make this possible. The CISPA and CISA legislation that has some people worried will come to a vote this week, and he said the word in the White House is that both will pass without a problem.
But in the long term, if the US is to actively go after miscreants online, then it's going to need international cooperation, Daniel said. The goal is to create "norms of behavior" for nation states online in reacting to such threats.
"Our primary tools are not going to be military and intelligence tools for cyber-offense," he said. "That's because we are not the only ones that have that capability and we won’t be able to maintain an asymmetric advantage, and have to be prepared for other countries to do the same thing." ®