Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, little has been written about the use of cyberattack as an instrument of U.S. policy. Cyberattacks -- actions intended to damage adversary computer systems or networks -- are an avowed part of the U.S. cybersecurity posture. Furthermore, they can be used for a variety of military purposes and for certain missions of the intelligence community, such as covert action. They may be useful for certain domestic law enforcement purposes, and some analysts believe that they might be useful for certain private sector entities that are themselves under cyberattack. A recent report of the National Research Council, "Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities," is the first comprehensive unclassified treatment of this subject. This talk will explore important characteristics of cyberattack and cyberexploitation, address current policy, describe some of the international legal issues that arise, and comment on the notion of cyberdeterrence.
Reception to follow.
Dr. Herbert Lin is chief scientist at the Computer Science and Telecommunications Board, National Research Council of the National Academies, where he has been study director of major projects on public policy and information technology. These studies include a 1996 study on national cryptography policy (Cryptography's Role in Securing the Information Society), a 1991 study on the future of computer science (Computing the Future), a 1999 study of Defense Department systems for command, control, communications, computing, and intelligence (Realizing the Potential of C4I: Fundamental Challenges), a 2000 study on workforce issues in high technology (Building a Workforce for the Information Economy), a 2002 study on protecting kids from Internet pornography and sexual exploitation (Youth, Pornography, and the Internet), a 2004 study on aspects of the FBI's information technology modernization program (A Review of the FBI's Trilogy IT Modernization Program), a 2005 study on electronic voting (Asking the Right Questions About Electronic Voting), a 2005 study on computational biology (Catalyzing Inquiry at the Interface of Computing and Biology), a 2007 study on privacy and information technology (Engaging Privacy and Information Technology in a Digital Age), a 2007 study on cybersecurity research (Toward a Safer and More Secure Cyberspace), a 2009 study on healthcare informatics (Computational Technology for Effective Health Care: Immediate Steps and Strategic Directions), and a 2009 study on offensive information warfare (Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities). Prior to his NRC service, he was a professional staff member and staff scientist for the House Armed Services Committee (1986-1990), where his portfolio included defense policy and arms control issues. He received his doctorate in physics from MIT. Avocationally, he is a longtime folk and swing dancer and a poor magician. 
Apart from his CSTB work, he is published in cognitive science, science education, biophysics, and arms control and defense policy. He also consults on K-12 math and science education.