WHY THIS MATTERS IN BRIEF
In an increasingly connected society cyber attacks can wreak more havoc than ever before and now the US has a plan.
In a sign of the times White House officials have finally gotten around to writing out a plan to deal with future cyber attacks that could negatively affect the US homeland and its interests.
The new guidelines, which were released earlier this week, detail how the government will gauge the severity of cyber attacks, who’s in charge of orchestrating the response, and how urgently the issue needs addressing – a list of protocols that many claim should have been on the books years ago.
“We are in the midst of a revolution of the cyber threat – one that is growing more persistent, more diverse, more frequent and grows more dangerous every day,” said homeland security adviser Lisa Monaco.
The scale begins at Level Zero – an attack which has an almost negligible impact and goes all the way up to Level Five, a full blown emergency that has a high probability of impacting highly critical national infrastructure and systems such as the power grid and communication and finance systems.
Fig 1. The new cyber DEFCON scale
The scale works by evaluating what the intended consequences of the attack are. For example, if the attack is simply supposed to be a nuisance, like a DoS attack, which temporarily knocks servers offline by flooding them with packets, it gets a low rating while an attack that is targeting the United States power grid could get the highest rating.
Once the threat is evaluated, most likely by the person who discovered the breach, the plan details who should be notified immediately and what steps should be taken. The one thing the White House doesn’t say however is how the government will respond to these attacks, especially those conducted by sovereign nations.
It’s important to note, though, that despite cyber-attacks becoming more and more common as technology advances and people gain a better understanding of how to use it for ill, there hasn’t been a level five attack on the US government yet but there’s always a first time for everything. Especially as more and more sovereign nations and criminals begin using robo-hackers to probe and penetrate US networks.
“There has been no known incident that would be considered a Level Five … The suspected Russian cyber attack on Ukraine’s electric grid in December that caused widespread power outages probably would have been a Level Four – a ‘severe’ event that likely would result in ‘significant’ harm to public safety or national security,” said Monaco.
Even so, in today’s modern age with powerful emerging technologies such as Artificial Intelligence and Quantum Computing potentially getting into the wrong hands it’s always good to have a plan, let’s just hope it never need to get used.