By Rob Strayer
Two hundred years ago today, the United States declared war against Great Britain, beginning the War of 1812. At that time, the British Navy was the aggressor, boarding U.S. commercial vessels, sometimes within sight of the U.S. ports from which they had departed. Sailors on those ships were captured by the British and impressed into serving the Royal Navy. Not only were Americans offended by this breach of our sovereignty, but U.S. trade – the lifeline for the fledgling nation – was jeopardized as ships lost their crews, handicapping the nation’s ability to participate in international commerce. The U.S. Congress responded to these illegal acts by declaring war.
Today, the United States faces a digital threat to its national security and commercial interests. Agents of foreign governments, cyber criminals and potential terrorists are probing our vital information technology systems. They not only steal intellectual property, harming our nation’s international competitiveness, and threaten to disrupt commercial activities, but they could cause catastrophic economic harm and disable systems, such as our electric grid, that would result in the loss of life.
Like their nineteenth century counterparts conducting flagrant piracy on the high seas, cyber attackers openly and notoriously exploit U.S. commercial networks. They already illegally access computer systems and abscond with terabytes of data. It is not a significant leap for them to use their access to disrupt and damage critical infrastructure systems controlled by computers.
To be sure, the analogy of cyberspace in 2012 to the maritime domain of 1812 is far from a perfect one. And the U.S. reaction at that time – declaring war on one of the world’s leading powers – is not a response that we would contemplate in this era. It is notable that the U.S. response – starting the War of 1812 – did not accomplish the goal of deterring the British from boarding U.S. ships and capturing our sailors. Indeed, the treaty that ended the war three years later did not even address this issue, and the British only discontinued their exploitation of our merchant ships with the conclusion of the Napoleonic wars.
How does the United States develop a national cyber security policy that is tailored to the problems that private sector companies face (avoiding the mistakes of 1812)? Although, according to a Washington Post article, the Administration debated involving the NSA in monitoring private sector networks, that monitoring would raise serious privacy concerns and would only tackle part of the problem. We need a well thought out and transparent policy that addresses how government and the private sector should coordinate to respond to cyber incidents and that begins with a policy toward nation-state attackers where government interests are the most significant.
Without such coordination, companies that are frustrated by current law enforcement efforts to prosecute and deter cyber attacks have started looking at what are called “active defense” measures that can track hackers and seek to interrupt their activities. Some of these activities, however, may run afoul of current law. The government should be assisting companies in designing appropriate responses, rather than leaving them to take these actions. And too many key capabilities are only in the government’s hands. Just as in 1812, we cannot expect the private sector to go it alone.
Rob Strayer is the Director of the Homeland Security Project at the Bipartisan Policy Center. Previously, Strayer served as the Republican Deputy Staff Director for Senator Susan Collins on the U.S. Senate Homeland Security and Governmental Affairs Committee, where he managed the drafting and mark-up of cyber security and bioterrorism legislation.