Source: Jack Goldsmith, Washington Post, Monday, February 1, 2010
In a speech this month on “Internet freedom,” Secretary of State Hillary Clinton decried the cyberattacks that threaten U.S. economic and national security interests. “Countries or individuals that engage in cyber attacks should face consequences and international condemnation,” she warned, alluding to the China-Google kerfuffle. We should “create norms of behavior among states and encourage respect for the global networked commons.”
Perhaps so. But the problem with Clinton’s call for accountability and norms on the global network — a call frequently heard in policy discussions about cybersecurity — is the enormous array of cyberattacks originating from the United States. Until we acknowledge these attacks and signal how we might control them, we cannot make progress on preventing cyberattacks emanating from other countries.
An important weapon in the cyberattack arsenal is a botnet, a cluster of thousands and sometimes millions of compromised computers under the ultimate remote control of a “master.” Botnets were behind last summer’s attack on South Korean and American government Web sites, as well as prominent attacks a few years ago on Estonian and Georgian sites. They are also engines of spam that can deliver destructive malware that enables economic espionage or theft.