Responding in full force might not be the best approach

Mar 21, 2013 20:11 GMT  ·  By

Over the past few months, some officials have argued that the US might respond in full force to cyberattacks that cause significant damage. However, experts warn that this might not be the best approach.

During a hearing on cyberattacks launched by China, Iran and Russia against US critical infrastructure, Martin Libicki, a senior management scientist at the RAND Corporation, has told the House Homeland Security Committee that the scope of the damage caused by cyberattacks is limited.

Libicki has explained that while cyberattacks might result in the loss of lives, a thing that hasn’t happened so far, they can’t be used to invade a nation or overthrow the current regime.

“A cyberattack, in and of itself, does not demand an immediate response to safeguard national security. Instead, a country struck from cyberspace has the opportunity to ask: What would be its most cost-effective way to minimize such future suffering?” he noted.

The expert believes that if the government keeps making strong statements about cyberattacks, the public will demand that some action be taken. This might compel the US “to doing something even when doing little or nothing is called for.”

In addition, Libicki highlights the fact that the country’s adversaries are more tempted to launch cyberattacks if the government keeps emphasizing “the pain” they cause.

“Conversely, fostering the impression that a great country can bear the pain of cyberattacks, keep calm, and carry on reduces such temptation,” Libicki said.

In Libicki’s opinion, it would be better if the government focused its efforts on minimizing the damaging effects of a cyberattack, and worked on patching the security holes that allowed them to happen in the first place.

A recent survey performed by Tenable Network Security shows that Libicki is right. All that talk about the impact of cyberattacks has made 60% of Americans agree with the government’s investments in cyber warriors.

In addition, 94% of respondents have said that they support the president having the same level of authority to react to cyberattacks as he would to physical attacks.