How to Prevent Cyberattacks

India, Yahoo, Google, and the U.S. government finally have something in common: Chinese cyberattacks.

Hackers in China have been siphoning Indian national security information for eight months now. In recent weeks, there have been China-based attacks on Yahoo! and Google users, and computer spies launched an attack from China and stole terabytes of data on the Air Force's Joint Strike Fighter program.

The attacks underscore just how difficult it has been for countries and corporations to establish viable cyberdefenses. A recent National Research Council report is attempting to make a start. The report, the first part of a broad attempt to find viable options for a cyberdefense policy, identifies three general approaches, each with its own drawbacks.

The first is a passive defense in which security is strengthened in preparation for an attack. This has been the de facto approach for some time, but it fails for two reasons, according to the NRC's Committee on Deterring Cyberattacks. Passive defenses have been too focused on improving vendor and user security, to the detriment of securing infrastructure. For passive defenses, they have to withstand an infinite variety of evolving attacks. As the authors write, that "places a heavy and asymmetric burden on a defensive posture that employs only passive defense."

The second option is to take a Cold War approach akin to nuclear deterrence. If the United States' Internet infrastructure is attacked, the theory goes, it should retaliate with its well-developed offensive capabilities. The problem, as evidenced by recent events, is that conclusively identifying the perpetrators is difficult. In security circles this is known as the attribution problem: The attacks may come from servers based in China, but proving the ultimate culprit is often impossible, whether it's a foreign government or a rogue group.

The last of the general approaches is to focus on combating antagonistic behavior by establishing multilateral international agreements. Of course, as with our current agreements, they're hard to enforce and collecting intelligence on the development of cyberarmies and the origin of cyberattacks is unimaginably hard. The authors seem most optimistic about this approach, but it still only applies to state actors and not rogue groups.

The report ends with a list of over 50 questions. It's only the beginning of a search for viable options, but while each of the approaches mentioned above have their problems, combining all three approaches may yield the best results.

Presented by

Niraj Chokshi is a former staff editor at TheAtlantic.com, where he wrote about technology. He is currently freelancing and can be reached through his personal website, NirajC.com. More

Niraj previously reported on the business of the nation's largest law firms for The Recorder, a San Francisco legal newspaper. He has also been published in The Hartford Courant, The Seattle Times and The Age, in Melbourne, Australia. He's also a longtime programmer and sometimes website designer.

How to Cook Spaghetti Squash (and Why)

Cooking for yourself is one of the surest ways to eat well. Bestselling author Mark Bittman teaches James Hamblin the recipe that everyone is Googling.

Join the Discussion

After you comment, click Post. If you’re not already logged in you will be asked to log in or register.

blog comments powered by Disqus

Video

How to Cook Spaghetti Squash (and Why)

Cooking for yourself is one of the surest ways to eat well.

Video

Before Tinder, a Tree

Looking for your soulmate? Write a letter to the "Bridegroom's Oak" in Germany.

Video

The Health Benefits of Going Outside

People spend too much time indoors. One solution: ecotherapy.

Video

Where High Tech Meets the 1950s

Why did Green Bank, West Virginia, ban wireless signals? For science.

Video

Yes, Quidditch Is Real

How J.K. Rowling's magical sport spread from Hogwarts to college campuses

Video

Would You Live in a Treehouse?

A treehouse can be an ideal office space, vacation rental, and way of reconnecting with your youth.

More in Business

Just In