Today a simulated cyber attack response exercise is being held in Washington D.C. The Bipartisan Policy Center is hosting:
The participants, whose mission is to advise the president and mount a response to the attack, will not know the scenario in advance. They will react to the threat in real time, as intelligence and news reports drive the simulation, shedding light on how the difficult split-second decisions must be made to respond to an unfolding and often unseen threat.
The Bipartisan Policy Center press release is peppered with traditional terms like “unprecedented” and “real-world”, “often unseen threat” and “real dangers”. There is no mention of the Chinese or international collaboration but that has to be one of the main issues on everyone’s mind. I wonder, for example, if anyone bothered to invite international participants. Why? James Fallows in the Atlantic Monthly did a nice job explaining how national security models are facing a transition from typical “bipartisan” efforts to one that is open and collaborative:
While trying to build bridges to the military, McConnell and others recommend that the U.S. work with China on international efforts to secure data networks, comparable to the Chinese role in dealing with the world financial crisis. “You could have the model of the International Civil Aviation Organization,” James Lewis said, “a body that can reduce risks for everyone by imposing common standards. It’s moving from the Wild West to the rule of law.” Why would the Chinese government want to join such an effort? McConnell’s answer was that an ever-richer China will soon have as clear a stake in secure data networks as it did in safe air travel.
An alternative to this kind of closer cooperation could be to improve the quality of education dramatically in the US including teaching computer skills and Mandarin to a high percentage of graduates, as well as the language of every other threat. The British have tried this latter model, which I am told is why the School of Oriental and African Studies (SOAS) came to exist. Perhaps compared to solving the problem of quality education, cooperation on information security seems far simpler.
Fallows warns in his article that America might have a tough time with the concept of “cooperation” given the cultural view of how to deal with “tough-guy, real-world problems”. However, the interconnected nature of Internet risk makes it almost impossible to use a bi-lateral attack/defense paradigm. This has been known since at least the first “Smurf” attacks. Multi-lateral and shared approaches have become the norm in hi-tech response centers but it will take time for established leaders in government to warm up to the idea of greater openness as a strategic advantage in national security.