WASHINGTON, Nov 27 (Reuters) - The United States is working to prevent attacks on military, government and private computer networks, but any aggressive response raises legal, civil rights and policy questions that should be addressed, a U.S. military adviser said on Tuesday.
At the moment, “there are no rules” about what government or private entities can do if their networks are attacked, said Andrew Palowitch, chief technology officer for Science Applications International Corp’s SAI.N intelligence and security group and senior adviser to the Pentagon.
Given more than 37,000 attempted breaches of government and private programs and 80,000 attacks on military networks in fiscal 2007 alone, some would argue the United States was already in a “cyber war,” he said in a speech at Georgetown University in Washington. He said he was not speaking for the Pentagon.
Palowitch said military officials had publicly conceded that some attacks had succeeded in reducing U.S. military operational capability. He declined to give details.
The Pentagon said this year that China’s military had established units to develop viruses to attack enemy computer systems, and Estonia was the target of an orchestrated “denial-of-service” attack earlier this year that shut down its education, banking, government and other networks for weeks.
The Air Force’s recent move to create a new military command, staffed by 40,000 people to prepare for cyber warfare, underscored the importance of the issue, he said.
He cited estimates that the government would spend up to $35 billion over the next five years to guard against cyberspace attacks, an investment drive that could benefit SAIC, Lockheed Martin Corp (LMT.N), Northrop Grumman (NOC.N) and other companies that work on network security.
The Pentagon has cut the number of gateways to its military network to 13, but the overall U.S. government still had more than 1,300 connections that could be vulnerable. The White House Office of Management and Budget recently ordered that number cut to 50, he said.
Palowitch urged efforts to address the legality of responding to attempted attacks, civil rights questions about monitoring and the liability of private servers and routers. (Reporting by Andrea Shalal-Esa, editing by Patricia Zengerle)