Cyber-equivalent of Monroe Doctrine needed to repel Internet attacks

james_monroePresident Obama ought to invoke the cyber equivalent of the Monroe Doctrine to repel rising Internet attacks against America.

So testified Oracle’s tough-talking Chief Security Officer, Mary Ann Davidson, at a Congressional hearing today.

History refresher: Back in 1823, President James Monroe decreed that any attempt to extend foreign political systems onto U.S. soil would be considered an act of aggression requiring U.S. intervention. Simple as that. Monroe sought to repel European imperialists bent on colonizing chunks of the tenuously-governed Americas.

It worked. The Monroe Doctrine became a key tenet of U.S. foreign policy invoked by Calvin Coolidge, Herbert Hoover and John F. Kennedy.

Fast forward to 2009: Foreign cybercrime lords are  colonizing U.S. computers and networks with impunity, due to the tenuous state of cyber defenses.

“We are in a conflict, some would call it war,” Davidson testified before the House Subcommittee on Emerging Threats, Cybersecurity, Science & Technology. “Let’s call it what it is. Given the diversity of potentially hostile entities building cadres of cyberwarriors, probing our systems for weakness, infiltrating government networks and making similar attempts against businesses and critical industries, including our defense systems, is there any other conclusion to be reached?”

A call to defend U.S ‘cyberturf ‘

maryanndavidsonThe hearing was held to get a mid-way status report of a 60-day review of U.S. cybersecurity policy being conducted by management collaboration expert, Melissa Hathaway.

“The advantages of invoking a Monroe-like Doctrine in cyberspace would be to put the world on notice that the US has cyberturf, and that we will defend our turf,” Davidson testified. “We need to do both — now.”

Davidson’s call to arms was reinforced by testimony from David Powner, GAO’s director of IT management issues; Scott Charney, Microsoft Vice President of Trustworthy Computing; Jim Lewis, director of the Center for Strategic and International Studies; and Amit Yoran CEO of security firm NetWitness.

The experts delivered a wide range of proof points showing how American citizens, businesses and governments have been under rising cyberattacks for several years.

Yoran, a former senior official in the Department of Homeland Security, testified that the U.S. has been “experiencing a 9/11 in cyber attacks” for a number of years. “Because there is no visible catastrophic outcome, we lie in bed at night asleep without realizing how much damage is being done.”

Underscoring this Last Watchdog investigation of corporate intrusions, the GAO’s Powner noted that foreign nations and criminals are targeting organizations “to gain a competitive advantage and potentially disrupt or destroy them,” and also pointed out “that terrorist groups have expressed a desire to use cyberattacks as a means to target the United States.”

Truly comprehensive plan needed

The experts agreed that there is a dire need for a truly comprehensive cyber security plan – one that involves public/private partnerships and global cooperation.

One of the top recommendations of the CSIS bi-partisan commission that spend more than a year culling cybersecurity ideas to deliver to the 44th president was a call for regulation. The private sector “will never deliver adequate security and the government must establish regulatory thresholds for critical infrastructure,” testified Lewis, CSIS director and senior fellow.

Charney, the Microsoft executive and a  co-chair of the CSIS bi-partisan commission, cautioned that regulation must be carefully “tailored.”

“Finding the required balance will be difficult,” said Charney. “But if we fail to use regulation to improve our national cybersecurity, if we do not identify mandatory actions to secure the digital infrastructure, the Obama administration will have no more success than any of its predecessors.”

The experts also were unanimous about there being a singular entity best-suited to shaping and implementing such a plan: the White House.

“Only the White House has the authority to bring many large and powerful agencies to follow a common agenda and to coordinate with each other,” said Lewis. “The White House and only the White House can set strategy and policy, ensure that agencies are following them and resolve agency disputes.”

Beckstrom acknowledged

Attending the hearing was Rod A. Beckstrom, who just resigned from a key cybersecurity post in the Department of Homeland Security. Co-author of a best-selling management book, The Starfish and the Spider, Beckstrom could not escape smothering controls put on him by the National Security Agency.

Rep. Bennie Thompson D-Miss., and Rep. Yvette Clarke D-New York, acknowledged Beckstrom. Clarke called Beckstrom’s resignation “an unfortunate loss.” Thompson made note of “ineffective leadership, unclear organizational structure and poorly defined roles” demonstrated by federal agencies and corporations trying futilely to put up a cyber defense.

“I along with many of my colleagues were optimistic when Mr. Beckstrom was brought on to lead the National Cyber Security Center,” said Thompson. “He has organizational expertise. He has worked extensively with the private sector. But Mr. Beckstrom did not have experience working miracles. ”

–Byron Acohido

Portrait of James Madison

Photo of Mary Ann Davidson