In the movie, The Untouchables, an irascible long time Chicago cop played by Sean Connery explains to a naïve Elliot Ness how to get gangster Al Capone. The Sean Connery character says, “You wanna get Capone? Here’s how you get him. He pulls a knife, you pull a gun. He sends one of yours to the hospital, you send one of his to the morgue! That’s the Chicago way, and that’s how you get Capone!”
I was reminded of that speech the other day listening to Cyber Command head Mike Rogers testifying before the Senate Armed Service Committee. Rogers clearly wants to get tougher on cyber attacks. In fact, he wants vastly increased offensive capabilities – military jargon for hitting back at the attackers. Rogers made it clear, and Senate Armed Services Committee chair Senator John McCain agreed, that defensive toughness was simply not enough. We needed – in Untouchable’s parlance – to send one of theirs to the morgue.
The anger and impatience is understandable. Cyber attacks have been building in number and intensity over the last few years – beyond DDOS attacks and stealing credit card information by organized crime and LOL’s. The Chinese have been stealing technical secrets with abandon. The Russians have been willing to use disruptive cyber techniques against Ukraine. Iran attacked Saudi computers and destroyed thousands. But, the final straw for America came with North Korea’s shameless show of cyber bullying and attack against Sony Pictures. We did counterattack Pyongyang– or so it seemed. They were small. And it was easy work.
Still, you have to ask the question in the larger whole: what happens if one of the big guys attacks and we do send “one of theirs to the morgue.” Are we prepared to deal with consequences of a massive counter attack against civilian targets? Do we have capability detection swift and detailed enough to know they are happening and from where?
We should boost our cyber offensive capabilities, no doubt. And, I think a preemptive strike or two might be a reminder of our strength. But, cyber world is not confined to nation-state to nation-state attack. We can barely manage the minimal of coordination between our government and the private sector in cyber world. It is not likely a large nation state like Iran would make any distinctions. In fact, they would sensibly seek out the greatest vulnerabilities. And, for us, that is in the private sector, where about 85 percent of our cyber infrastructure is located.
So, I applaud Brother Rogers for his fortitude. We simply can’t sit around and take it. But, before we send one to the morgue, let’s make sure we can take care not to send one of ours as well.