updated 4/29/2011 9:48:12 PM ET 2011-04-30T01:48:12

A true cyberwar could pose a dangerous problem, but according to a paper, the alarmist rhetoric associated with the term "cyberwar" is nearly as damaging.

Jerry Brito and Tate Watkins from the Mercatus Center at George Mason University argue that there is not sufficient evidence to classify current online threats as "cyberwar."

In doing so -- and with inflammatory rhetoric such as "cyberdoom," "cyberweapons" and "cyberattack" -- Washington policymakers are actually inciting "a bout of threat inflation similar to that seen after 9/11 and in the run-up to the Iraq War," Brito and Watkins write.

Loving the cyberbomb

Brito and Watkins, in their paper "Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy," contend that as a result of the over-hyped reports of a cyberwar, "a cyber-industrial complex is emerging," similar to the military-industrial complex of the Cold War.

This "complex," they write, is causing unnecessary federal spending for what may amount to "baseless" claims, similar to the ones, the authors believe, that were fed to the American public to garner support to invade Iraq.

"This complex may serve to not only supply cybersecurity solutions to the federal government, but to drum up demand for them as well," Brito and Watkins said. Scare tactics and overhyped threats, they added, may lead these same policymakers to unnecessarily regulate the Internet.

"By focusing on doomsday scenarios and conflating cyberthreats, government officials threaten to legislate, regulate, or spend in the name of cybersecurity based largely on fear, misplaced rhetoric, conflated threats, and credulous reporting," the authors said.

If there was a cyberwar, would we be ready?

The answer, according to the U.S. Department of Justice (DOJ), is not the resounding "yes" you were hoping for.

In the paper, "The Federal Bureau of Investigation's Ability to Address the National Security Cyber Intrusion Threat," the DOJ interviewed 36 FBI agents, 13 of whom "lacked the networking and counterintelligence expertise to investigate national security intrusion cases," Network World reported.

The paper argued that the FBI's policy of rotating agents to new offices on a three-year schedule impedes their ability to stay abreast of cybersecurity threats and how to defend against them.

Information-sharing among agencies was lacking, the report found, further hampering the FBI's ability to cooperate on identifying and mitigating threats. Also, the report says, "the courses most beneficial to agents investigating national security" are not offered until they've been in the "cyber career path" for three years.

Despite its bravado, China isn't ready either

Referencing Brito and Watkins' paper, Paul Roberts from the security firm Kaspersky Lab wrote, "The official line in Washington D.C. is that there's a new Cold War brewing, with an ascendant China in the place of the old Soviet Union, and cyberspace as the new theater of war."

But it turns out, according to a security researcher named Dillon Beresford who works with NSS Labs, China isn't prepared for a sophisticated cyberwar.

In an April 26 interview with Roberts, Beresford said that after 18 months of nearly continuous research "crawling the networks of China's state and provincial governments," he's found that China lacks any clear cybersecurity policy.

Similar to Brito and Watkins' assertions, Beresford said overblown media reports -- fueled in part by China's aggressive online attacks in the past few months -- are presenting a false picture of China as an undefeatable cyberwar heavyweight.

"The media hype in the U.S. is all about cyberwar and how the Chinese are kicking our ass," Beresford said. Owing to a lack of transparency between the government and its populace, and a general distrust of Western security software, he added, "what I found is that they are just as vulnerable as the U.S. if not more so."

"They're an aggressor in cyberspace, but their own networks are very weak and poorly designed," Beresford said.

© 2012 SecurityNewsDaily. All rights reserved


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments