US Is Not Drawing 'Red Lines' in Cyberspace

With so much ambiguity, the cyber domain becomes a dangerous space into which conflicts can overflow, and from which conflicts can quickly escalate, because the rules of engagement are unclear.

The US is avoiding drawing "red lines" in cyberspace to maintain strategic ambiguity about its intentions and retain freedom of maneuver in its responses to online aggression, the deputy head of US Cyber Command said recently.

"Ambiguity, not locking yourself in, is the way that our government prefers to do this," Air Force Lt. Gen. Kevin McLaughlin told the 2016 Intelligence and National Security Summit.

He said he "agreed" with former National Intelligence Officer for Cyber Sean Kanuck, who laid out the reasoning in more detail during the panel discussion on cyber deterrence.   

"Currently most countries don't want to be incredibly specific about the red line for two reasons," explained Kanuck, now a consultant. "They don't want to invite people to do anything they want to below that red line thinking they can do it with impunity; and secondly you don't want to back yourself into a strategic corner where you have to respond if they do something above that red line or else lose credibility."

McLaughlin said attribution (it can be hard to know for sure who is behind a cyberattack) was an issue even outside of cyberspace, but that didn't cripple the US response.

As an example, he cited the shooting down of Malaysia Airlines Flight 17 en route from Holland over Ukraine, an action that has been attributed to pro-Russian militia using Kremlin-supplied anti-aircraft weapons.

"It's hard to prove exactly who was behind it," he said of such an attack. "When you bring it to the public there's lots of debate and dialogue." Even with improving attribution, cyberattacks are tricky territory when it comes to response, he acknowledged.

"You get into discussions where it's [about] was that cyber action something you want to deter, or was the cyber action something we think of as a legitimate tool of nation-state [actors], but the end result is something that crossed the line."

Although he didn't give examples, one instance is Chinese hackers' looting of intellectual property from US advanced technology companies. US officials recognize that network intrusion and the theft of sensitive data are legitimate objectives for a national intelligence service. But they say it's wrong to give that data to Chinese companies so they can underbid, or out-engineer, their US competitors.

Cyber is, after all, only a domain, like the air and the sea. It's what the adversary does there, and why, that should dictate the US response, McLaughlin said.

"I think those red lines in cyber will firm up to some degree, but I think we'll see a lot of it generate down to: 'What actually was that country trying to do?' It's often not that the action itself in cyber[space] which was the thing that crossed the red line, it's often what was the objective ... behind it, the end result, that actually crossed the red line."

But with so much ambiguity, the cyber domain becomes a dangerous space into which conflicts can overflow, and from which conflicts can quickly escalate, precisely because the rules of engagement are unclear or poorly understood, Kanuck said.

"There's an interest in ambiguity from a strategic sense, but that also leads to strategic uncertainty," he said.

FedScoop
 
