Nations such as Russia and China who have malicious hackers should be held accountable for the actions of those criminals, according to a report from the Council on Foreign Relations, an independent, nonpartisan membership organization.
"Though the United States cannot expect countries to prevent all malicious behavior, it can expect them to secure their networks to a reasonable standard, pass laws outlawing international cyber crime, and have mechanisms in place to act on requests for assistance in shutting down attacks, and investigating and prosecuting them," wrote author Robert Knake. He is the coauthor, with Richard Clarke, of the book Cyber War.
In addition, the U.S. needs to lead by example, Knake said. "It should take steps to clean up its national network, work to stop its systems from being used in international cyberattacks, prioritize criminal investigation of cyberattacks with foreign victims, and make clear that the primary goal of its military efforts in cyberspace is to defend the United States and preserve international connectivity."
Steps the U.S. should take include developing a stronger set of international regimes to fight crime in cyberspace, moving beyond the current Council of Europe Convention to draw in non-Western states, and developing realtime mechanisms for collaborating to stop cyberattacks in progress and investigate attacks across borders; developing new norms and pursuing treaties to protect the core functions of the Internet and ban distributed denial-of-service attacks; and updating the Internet's underlying technologies to be more secure, such as adding more authentication to IP, BGP, and DNS, Knake said. He also recommends a U.S. bureau on cyber affairs within the State Department.
The problem is that much of the world economy is dependent on the Internet today, meaning attacks can be much more devastating, but that overreactions to such attacks can also cause problems, Knake said.
Knake also criticized the U.S. broadband plan for making the U.S. more dependent on the Internet. "Given the current cyber threat environment, extending U.S. dependence is at best naive and at worst could create a situation in which America's homeland is vulnerable to both state and nonstate actors that will seek to skip the battlefield and do harm to U.S. society in cyberspace."
Raising the spectre that harboring a geek version of Osama bin Laden could result in war, Knake said, "Countries that do not cooperate in criminal investigations should understand that failure to cooperate will be treated as a sign of complicity. Responses can include both traditional diplomatic protest, sanctions, and military action as well as network actions, including higher-level scrutiny for Internet traffic leaving states that do not cooperate and ultimately blockading access to U.S. and allied networks from states that continue to be outliers."
Opinions on the likelihood of a cyberwar vary, with some people saying it is imminent and others saying concerns are overblown. The U.S. is also looking at a controversial bill intended to give the federal government more control over the Internet in the event of such an attack.