By Ellen Messmer
9 februari 2007
If the United States found itself under a major cyberattack aimed at
undermining the nation's critical information infrastructure, the
Department of Defense is prepared, based on the authority of the
president, to launch a cyber counterattack or an actual bombing of an
The primary group responsible for analyzing the need for any cyber
counterstrike is the National Cyber Response Coordination Group (NCRCG).
The three key members of the NCRCG, who hail from the US-CERT
computer-readiness team, the Department of Justice and the Defense
Department, this week described how they would seek to coordinate a
national response in the event of a major cyber-event from a known
This week's massive but unsuccessful denial-of-service (DoS) attack on
the Internet's root DNS, which targeted military and other networks, did
not rise to the level of requiring response, but made the possibility of
a massive Internet collapse more real than theoretical. Had the attack
been successful there may have been a cyber counterstrike from the
United States, said Mark Hall, director of the international information
assurance program for the Defense Department and the Defense Department
co-chair to the NCRCG, who spoke on the topic of cyber-response during
the RSA Conference in San Francisco.
We have to be able to respond, Hall said. We need to be in a coordinated
He noted that the Defense Department networks, subject to millions of
probes each day, has the biggest target on its back.
But a smooth cyber-response remains a work in progress. The NCRCG's
three co-chairs acknowledge it's not simple coordinating communications
and information-gathering across government and industry even in the
best of circumstances, much less if a significant portion of the
Internet or traditional voice communications were suddenly struck down.
But they asserted the NCRCG is ready to stand up? to confront a
catastrophic cyber-event to defend the country.
We're working with key vendors to bring the right talent together for a
mitigation strategy, said Jerry Dixon, deputy director for operations
for the National Cyber Security Division at US-CERT. We recognize much
infrastructure is operated by the private sector. The U.S. government
has conducted cyber war games in its CyberStorm exercise last year and
is planning a second one.
The third NCRCG co-chair, Christopher Painter, principal deputy chief at
the Justice Department, said the cyber-response group also seeks to
communicate with 50 countries around the world where monitoring for
massive cybersecurity events go on as well. Some of them have some of
the same communications issues we have here, he noted.
The Department of Homeland Security?s National Response Plan calls for
coordination with a number of agencies, including the Department of
Treasury, when the decision for a national response is made. So far,
there has been no major cybersecurity event against the United States
that has prompted the need for a national response.
The massive DoS attack attempt against the Internet's root-servers this
week, which specifically targeted military networks, raises the question
whether the United States would ever respond with a counterattack.
It's the President's call, said Hall said, pointing out the
recommendation for a counterattack would be passed to the chief
executive via the U.S. Strategic Command in Omaha.
In the event of a massive cyberattack against the country that was
perceived as originating from a foreign source, the United States would
consider launching a counterattack or bombing the source of the
cyberattack, Hall said. But he noted the preferred route would be
warning the source to shut down the attack before a military response.
All the military services are preparing for military cyber-response,
Hall pointed out.
Jim Collins, R&D engineer at the Air Force Information Operations
Center, who also spoke on the need for network defense at a session at
the RSA Conference, said the Air Force is also gearing up for an
offensive cyber capability.
The Air Force hasn't just been standing by, he said, noting that in
November, the Air Force added the mission to fight in cyberspace by
creating a new Cyber Command.
We're standing up cyber-fighters to do network warfare, Collins said.
Where we had pilots before, we?ll have fighters in cyberspace.
Subscribe to the InfoSec News RSS Feed