Nations such as Russia and China who have malicious hackers should be held accountable for the actions of those criminals, according to a report from the Council on Foreign Relations, an independent, nonpartisan membership organization.
"Though the United States cannot expect countries to prevent all malicious behavior, it can expect them to secure their networks to a reasonable standard, pass laws outlawing international cyber crime, and have mechanisms in place to act on requests for assistance in shutting down attacks, and investigating and prosecuting them," wrote author Robert Knake. He is the coauthor, with Richard Clarke, of the book Cyber War.
In addition, the U.S. needs to lead by example, Knake said. "It should take steps to clean up its national network, work to stop its systems from being used in international cyberattacks, prioritize criminal investigation of cyberattacks with foreign victims, and make clear that the primary goal of its military efforts in cyberspace is to defend the United States and preserve international connectivity."
Steps the U.S. should take include developing a stronger set of international regimes to fight crime in cyberspace, moving beyond the current Council of Europe Convention to draw in non-Western states, and developing realtime mechanisms for collaborating to stop cyberattacks in progress and investigate attacks across borders; developing new norms and pursuing treaties to protect the core functions of the Internet and ban distributed denial-of-service attacks; and updating the Internet's underlying technologies to be more secure, such as adding more authentication to IP, BGP, and DNS, Knake said. He also recommends a U.S. bureau on cyber affairs within the State Department.
The problem is that much of the world economy is dependent on the Internet today, meaning attacks can be much more devastating, but that overreactions to such attacks can also cause problems, Knake said.
Knake also criticized the U.S. broadband plan for making the U.S. more dependent on the Internet. "Given the current cyber threat environment, extending U.S. dependence is at best naive and at worst could create a situation in which America’s homeland is vulnerable to both state and nonstate actors that will seek to skip the battlefield and do harm to U.S. society in cyberspace."
Raising the spectre that harboring a geek version of Osama bin Laden could result in war, Knake said, "Countries that do not cooperate in criminal investigations should understand that failure to cooperate will be treated as a sign of complicity. Responses can include both traditional diplomatic protest, sanctions, and military action as well as network actions, including higher-level scrutiny for Internet traffic leaving states that do not cooperate and ultimately blockading access to U.S. and allied networks from states that continue to be outliers."
Opinions on the likelihood of a cyberwar vary, with some people saying it is imminent and others saying concerns are overblown. The U.S. is also looking at a controversial bill intended to give the federal government more control over the Internet in the event of such an attack.
What about all the U.S.-based hackers? Are we going to bomb Maryland, California, Washington, Oregon, and New Jersey? These are all well-known hacker hotbeds, plus New Jersey is home to that awful Jersey Shore TV show and those horrid Real Housewives. Even so, is bombing a country over the sins of a few of its citizens morally justified?
Military action is at the far end of the spectrum, I think identifying the culprit and disconnecting them as a warning is probably as far as anyone needs to go. It's certainly what happens here already in the UK. If you get caught pirating/hacking or using your connection in a less than saintly way your disconnected from your ISP.
History is very clear state vs individuals always results in individuals winning because the state doesn't know how to play on their terms. If you want to stop hackers hack them back, set up infected hacker-tools sites etc...
It the same as insurgency and terrorism you have to fight at their scale, otherwise you always end up creating more of them than you get rid of. Imposing restrictions on some countries harbouring hackers will punish all the non-hackers in that country and feeling they are unfairly treated they will become hackers to get around the restrictions.
It is individuals and intelligence organizations that have to take the lead here to pinpoint the culprits so you can target them and only them.