The Consequences of Making Cyberattacks Public

For decades, cyberattacks, counterterrorism operations, and espionage operations took place in secret—and stayed that way. Even if an attack failed, information about it was kept hidden behind closed doors. Government officials usually avoided public disclosure and debate of attacks, instead focusing on promptly resolving situations, either surreptitiously or diplomatically.

That’s why the federal Cybersecurity and Infrastructure Security Agency’s open discussion of a state-sponsored hacker group’s attempt to enter the Port of Houston, one of the country’s most important port authorities, was so surprising. CISA Director Jen Easterly spoke candidly about hackers exploiting a zero-day vulnerability during a Senate Homeland Security and Governmental Affairs Committee meeting.

This kind of disclosure would have been unheard of only a few years ago, when a failed attack on crucial national infrastructure would have been communicated only in whispers, if at all. Given the circumstances of the incident, however, this was the correct decision. And the US administration should continue down this new path of greater transparency in the aftermath of foiled attacks.

The obvious question is why now is the time for this change.

There is just one logical answer: deterrence. Public acknowledgment sends the offender a message: We saw you and we caught you. It tells cyber adversaries, particularly nation-state adversaries, to think carefully before initiating a cyberattack. And, in a public forum like a Senate committee hearing, that message reaches well beyond the perpetrators of a particular episode.

As a result of this disclosure, we are unlikely to see another attack of this sort in the future. This well-known tactic harks back to Cold War game theory discussions. Assume that both parties have nuclear weapons and are ready to use them. Each, fearing retaliation from the other, is then deterred from acting.

Of course, there are further advantages to openly discussing attack mitigation. For starters, it shows American citizens that their tax dollars are being put to good use and that the country’s cybersecurity is strong.

However, there is a risk associated with these advantages. The more information we give hackers about foiled attacks, the more they can use it to improve their methods and grow more sophisticated in their operations.

So, which of the averted attacks should we make public and which should we keep secret?

To answer that question, we must look at critical national infrastructure (CNI). Despite the Biden administration’s efforts to keep specific businesses off-limits, this sector is a key target for nation-states and cyber-criminal groups, whether the purpose is financial gain or business damage. Successful attacks can have serious ramifications, putting the water supply, energy access, and even human life in jeopardy.

That is why, in the case of the Port of Houston attack, public notification was a wise decision: it allowed other CNI institutions to learn from an effective defense posture. In this scenario, the broader lessons for national security education outweighed what the aggressor could learn.

Broadcasting the averted attack encourages infrastructure providers to collaborate directly with the government to strengthen their defenses. Because the private sector owns and operates over 85 percent of vital infrastructure and the entire country is reliant on these industries, collaboration with the government is critical.

Not all attacks have a clear mandate for public debate; we must assess them on a case-by-case basis. In order to improve education, encourage government cooperation, and increase global cybersecurity deterrence, the US government will need to continue to reveal attempted attacks on key infrastructure in the future. To achieve a true US strategic advantage in cyberspace, officials must consider whether companies can draw a broader, big-picture lesson from the details of the attack or whether sharing our successful defense will hand adversaries the advantage.