The first Department of Defense Strategy for Operating in Cyberspace is out (July 2011).
Of course, like the plans that came before (e.g. Cyberspace Policy Review), it emphasizes the imperative for cyberspace protection. Some highlights:
- "DoD is particularly concerned with three areas of potential adversarial activity: theft or exploitation of data; disruption or denial or service of access or service..., and the destructive action--including corruption, manipulation, or direct activity that threatens to destroy or degrade network or connected systems."
- "Cyber threats to U.S. national security go well beyond military targets and affects all aspects of society. Hackers and foreign governments are increasingly able to launch sophisticated intrusions into the networks and systems that control civilian infrastructure."
- "Every year, an amount of intellectual property larger than that contained in the Library of Congress is stolen from networks maintained by U.S. businesses, universities, and government departments and agencies."
The strategies for cyberspace protection in the DoD plan include treating cyberspace as an operational domain; innovation; partnership; and so on. But we need to leverage our strengths even more.
As the Wall Street Journal pointed out on 15 July 2011: "The plan as described fails to engage on the hard issues, such as offense and attribution." If we can't even identify who's attacking us, and fight back with precision, then we're flailing.
Some may express the concern that we would have all-out war by attacking those who attack us. However, what is the alternative besides confronting our aggressors?
The concept of operations is straightforward: Any computer device that is used to attack us, would immediately be blocked and countered with equivalent or greater force and taken out of play.
This would mean that we are able to get past cyber-bot armies to the root computers that are initiating and controlling them, and dealing with them decisively. This would hold regardless of the source of the attack--individual or nation-state.
The DoD plan acknowledges our own unpreparedness: "Our reliance on cyberspace stands in stark contrast to the inadequacy of our cybersecurity."
As in the Cold War, there must be no doubt with Cyber Warfare (as with nuclear) of our ability to inflict devastating second-strike or preemptive attacks with deadly precision.
Until we have unambiguous hunter-killer capability to identify and locate perpetrators of cyber attacks against us and the ability to impose swift justice, we are at the mercy of our aggressors.
We can only have peace in cyberspace when we have the strength to stand up and defend it.
Now we must move with cyber speed to build this capability and stand ready to execute our defenses.
Admiral Mike Mullen was quoted this week (18 July 2011) in Federal Times as saying: "The single biggest existential threat that's out there is cyber...It's a space that has no boundaries. It has no rules."
We must become even better--much better!
(Source Photo: here)