http://www.cfr.org/cybersecurity/developing-proportionate-response-cyber-incident/p36927
By Tobias Feakin
Senior Analyst and Director
International Cyber Policy Centre
Australian Strategic Policy Institute
Council on Foreign Relations Press
August 2015
As offensive cyber activity becomes more prevalent, policymakers will be
challenged to develop proportionate responses to disruptive or destructive
attacks. Already, there has been significant pressure to "do something" in
light of the allegedly state-sponsored attacks on Sony Pictures
Entertainment and the Sands Casino. But finding a timely, proportionate,
legal, and discriminatory response is complicated by the difficulty in
assessing the damage to national interests and the frequent use of
proxies. Perpetrators have plausible deniability, frustrating efforts to
assign responsibility. Past experience suggests that most policy responses
have been ad hoc.
In determining the appropriate response to a state-sponsored cyber
incident, policymakers will need to consider three variables: the
intelligence community's confidence in its attribution of responsibility,
the impact of the incident, and the levers of national power at a state's
disposal.
While these variables will help guide responses to a disruptive or
destructive cyberattack, policymakers will also need to take two steps
before an incident occurs. First, policymakers will need to work with the
private sector to determine the effect of an incident on their operations.
Second, governments need to develop a menu of preplanned response options
and assess the potential impact of any response on political, economic,
intelligence, and military interests.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
