Is US proposal for a NATO cyber shield practical?

Speaking at an event sponsored by the Brussels-based Security and Defense Agency think tank last week, US Deputy Defense Secretary William Lynn said the alliance should model a cyber security shield on the nuclear missile shield being developed by NATO.

“The Cold War concepts of shared warning apply in the 21st century to cyber security. Just as our air defenses, our missile defenses have been linked so too do our cyber defenses need to be linked as well”, Lynn was quoted as saying by the AFP news wire.

The Pentagon has launched its own cybersecurity effort in response to a 2008 attack on the US Department of Defense (DoD) network in which a foreign intelligence agency uploaded an infected flash drive on the DoD computer network in the Middle East. The incident lead to a change in thinking in the department toward cybersecurity threats, he said.

Lynn estimated that more than 100 foreign intelligence agencies are trying to hack into the DoD network on a daily basis, posing an enormous cybersecurity threat.

But not everyone is impressed by Lynn’s arguments. Jeffrey Carr posted an article on the Forbes.com blog questioning the practicality of Lynn’s proposal.

“The entire concept of a cyber shield is hopelessly flawed. Firewalls and AV [anti-virus] programs are completely ineffective against state-sponsored attacks because adversaries who are targeting high value data have multiple attack vectors to choose from that would be utterly invisible to automated defenses,” Carr argued.

Certainly the practicality of an alliance-wide cyber shield protecting all of the military and economic networks of NATO countries is questionable. Greater cooperation among NATO countries in the cybersecurity area, Infosecurity notes, seems more manageable and probably will be the ultimate result of Lynn’s effort.

What’s Hot on Infosecurity Magazine?