Cyber Attack Mem
Instructions
The exclusive use of required texts and readings, as well as resources provided, is mandatory. No outside sources are expected.
Complete the following:
A recent cyber attack occurred where a botnet type attack targeted a major US defense firm. No physical damage occurred to the firm’s network, but significant technological secrets about a new surveillance and targeting system from the firm, Defense Applications International (DAI), appear to have been compromised. Incidental, but nonetheless as a result of the attack, the virus also infected a software program that DAI was testing at electrical plant in Pennsylvania. The plant had to be shut down for 12 hours while repairs were made. The NSA believes it has credible evidence that the attack had a direct connection to the elite cyber unit Department 2112, of the country of Redistan, an adversary of the United States, although the attack itself appears to include private citizens of Redistan. The attack, however, was routed through several third countries including Bluelandia, an ally of the United States.
You are a new cyber desk officer working for the National Security Council. The Deputy National Security Advisor has asked you to write a memorandum addressing key issues of cyber policy. In the memorandum you have been asked to address the following issues:
1. Based off of the facts we know, should the attack be considered a crime, espionage or act of war? What should the US response be? How can the US best defend itself from future attacks such as the one that just occurred?
2. Should the United States assign US Cyber Command with the responsibility of protecting certain private companies and if so, what should the general standard be for determining what companies the government should be responsible for defending?
3. Should the United States lead the effort at an international cyber agreement? Why or why not? What challenges would the President face in trying to get an agreement? Are there any alternatives?
4. Are there any substantive changes that should be made to the current US cyber policy?