Should the Government Prepare A Preemptive Cyber-Attack?
The House Committee on Science recently held a hearing to "examine the extent of U.S. vulnerability to cyber attacks on critical infrastructure such as utility systems, and what the federal government and private sector are doing, and should be doing, to prevent and prepare for such attacks."

Specific issues addressed at the hearing included whether: 1) the U.S. is able to detect, respond to, and recover from a cyber-attacks on critical infrastructure; and 2) there a clear line of responsibility within the federal government to deal with cybersecurity.

Chairman Boehlert started the hearing by comparing a cyber-attack with the effects of a hurricane an noting that "given the increasing reliance of critical infrastructures on the Internet, a cyber attack could result in deaths as well as in massive disruption to the economy and daily life." As the Chairman explained, I never want to have to sit on a special committee set up to investigate why we were unprepared for a cyber attack. We know we are vulnerable, it's time to act."

An senior official from the Department of Homeland Security discussed the agency's mission, goals and participation in a vast array of cybersecurity-related projects and initiatives. CIOs from major corporations warned the Committee "that the nation's critical infrastructure remains vulnerable to cyber attack. The witnesses testified that "the economy is increasingly dependent on the Internet and that a major attack could result in significant economic disruption and loss of life."

It's good to see that the Executive Branch, Congress and industry recognize the magnitude of danger that a cyber-attack could pose to the nation's critical infrastructure and are also taking steps to protect the country from such an attack. Coordinated protective measures by government and industry is essential for securing cyberspace and, with it, our national security and the global economy. However, a well planned, organized cyber-attack could potentially overwhelm or circumvent even the best defenses.

Along with protecting against cyber-attack, it is also important that the government recognizes that potential attackers live real space, not just cyberspace. The real world addresses of current and potential cyber-adversaries may be very well disguised but they do exist. One of the government's priorities should include locating those addresses, verifying them, and then considering appropriate action.