Debating the cyber threat

Should the United States take a unified, cross-government approach to cybersecurity, as it did with counterterrorism after the Sept. 11, 2001, attacks? Current and former federal officials disagreed on the question at the Aspen Security Forum last week.

Like cyberspace itself, the question is abstract and ambiguous. Few policy experts would argue against more inter-agency collaboration on cybersecurity, while few would suggest housing the government's cyber-expertise exclusively in one agency. But the policy debate in Aspen, Colo., is a window into the challenge government agencies face in responding to a borderless and ubiquitous cyber threat.

John Carlin, assistant attorney general for national security, argued in favor of a more unified government approach, citing growing coordination between the FBI and prosecutors. The FBI shares relevant intelligence files on some cybersecurity cases "even though 95 percent of those cases may never see the light of day," he said.

In a later panel, Mike Leiter, former director of the National Counterterrorism Center, pushed back on Carlin’s suggestion that the government could approach cybersecurity in the same inter-agency manner it does counterterrorism.

"I think we have to be really careful about taking the counterterrorism example" and applying it to cybersecurity, he said. The cyber threat "respects borders even less, it moves even more quickly, it involves the private sector even more so," he added.

Given the pace of the cyber threat and its transcendence of private sector and government lines, "if we try to cut and paste the counterterrorism example into the cyber world … we will be, I think, easily outgunned by our various adversaries," Leiter argued.

Carlin, one of the Justice Department officials who announced the May 19 federal indictment of Chinese military officers on cyber espionage charges, said the indictment was part of a "multi-pronged, strategic approach" to countering state-sponsored cyber theft. The message to China is that "this is a red line. We will continue to increase the cost to you of committing this type of activity on American soil … until it stops," he said.

Richard Ledgett, deputy director of the National Security Agency, was also forthright about China's alleged cyber transgressions. The difference "between what we do and what China does is that the United States, by policy and legislation, does not provide intelligence information to our commercial entities for their advantage. China does," he said.