Pentagon unveils its new cyberstrategy. Well, some of it, anyway.
'Strategy for Operating in Cyberspace' outlines belatedly a defensive posture. But it leaves many questions unanswered
ASHINGTON (TCSM) Land. Air. Sea. Space. And now, officially, Cyber, too.
The Pentagon on Thursday unveiled its first ever "Strategy for Operating in Cyberspace," officially some say belatedly staking out its turf in the digital realm of networks and computers, an arena that analysts say has been militarized for years.
The document outlining the strategy emphasized its defensive albeit proactive posture, indicating only by omission the presumed offensive capabilities of a nation seen by many cyberwar experts as the world's preeminent cyber superpower.
Some analysts were quick to criticize the unclassified document as shedding little light on the full and true nature of the Pentagon's new cyberstrategy.
Recent leaks of some elements of the policy document led to its early characterization as focusing on circumstances under which the United States would retaliate with bombs, if it came under serious cyber attack.
But this slender 13-page document stresses measures to enhance US cyberdefenses, with nary a mention of offensive cyber weapon deployment, development, or cyberwar strategy other than the broad mandate to make "cyber" a full-fledged "operational domain."
"Peace through preventive defense is at the heart of our DoD cyberstrategy and the administration's overall approach to cyberspace," he said, referring apparently to sensors and other network systems by which the Pentagon hopes to thwart infiltrating hackers or at least give them less than they had hoped to gain. Amid headlines touting the latest "cyberbattle" and breathless coverage of hackers defacing websites or criminals scooping up credit card and personal information, Mr. Lynn asserted that little of what is characterized in the media as cyberwar or cyberbattles comes close to meriting military attention, much less military action.
"While identifying criminal activity in cyberspace is of concern, this is not the Defense Department's primary concern," he said. "Rather, our concern is specific to activities that threaten our mission to protect the security of the nation."
Lynn's speech and the new document outline "five pillars" that characterize the Defense Department's cyberstrategy, including:
• International Defense Building. This fourth pillar lays out expectations that the US will build "collective cyberdefenses" with international partners and allies, including NATO, expanding awareness of malicious software attacks.
• Training and Technology. The fifth pillar aims to ramp up training of defense personnel. The idea is to weaken the advantage cyberattackers enjoy due to anonymity on the Internet and generally porous defenses in society.
With DoD operating more than 15,000 networks and seven million computing devises in installations around the world, the target is huge. So the Pentagon is seeking some technological fixes to shift the field away from attackers, the strategy document indicates.
Though not in the document, the Defense Advanced Research Projects Agency (DARPA) recently announced work on new computer systems that adapt on the fly to attacks to increase resilience. Add to that new encryption technology that prevents data from becoming visible or vulnerable to an attacker.
Alan Paller, research director for the Sans Institute, a Washington-based cybersecurity education organization, says he especially likes pillars two and five protecting critical infrastructure and ramping up procurement.
"This is the first time the nation has fully and publicly committed to continuous monitoring and active defense that will allow the federal government to raise the bar in securing existing systems," he says in an email interview.
But for others the document was missing too many major elements, offensive cyberweapons strategy, for one.
Shrouded in secrecy, the development of weaponized cyber is being conducted in the US as in many other nations outside public view and with little debate about their impact on international treaties and on conventional theories of war such as deterrence that have governed nations for decades, cyber warfare experts say.
Weapons like Stuxnet, the world's first-publicly confirmed piece of weaponized software that some have called a "digital guided missile" was discovered last year to have hammered Iran's nuclear facilities. Nobody knows who developed Stuxnet, even though the US and Israel are high on the list of suspects, many say. The new document doesn't reference US offensive cyber weapons capability or development, or when such weapons might be used against an adversary. Yet, doctrine and policy regarding such use is a major issue within the cyberpolicy community, some arguing the president should be involved in many, if not most, decisions to deploy such weapons. Still, it's possible such questions are more directly addressed in a classified version of the cyber document that observers presume exists.
"I didn't see a single new thing here," says a member of the 2009 National Research Council study of the legality and ethics of using offensive cyberweapons, who asked not to be named. "This so-called strategy is so broadly written that not only is there nothing new in it, parts of this could have been written in the mid-90s stuff about active defenses, better training, better procurement it's the same old stuff. It's hard to see how this constitutes a strategy."
Others agreed there were obvious omissions with no reference to "information operations" the deployment of digital disinformation or a new generation of cyberweapons that could take out computer-controlled power grids, refineries, chemical factories and other computer controlled infrastructure, says Dan Kuehl, a professor of information operations at National Defense University, who attended Lynn's speech.
"The reality is this is really a document focused on cybersecurity efforts, which are not unimportant, but it's only one or two slices of the pizza," Dr. Kuehl says. "Where's the DoD's strategy for the use of cyberspace to influence operations?" he asks, referring to the use of disinformation.
Still, he thought Lynn's speech and the document are unambiguous about the major issue: the military's key role in cyberspace.
"There's been some unhappiness emerging about the idea of militarizing cyberspace," he says. "But I thought Lynn's speech and the strategy document are right on the mark in trying to just normalize it driving a gentle stake through the heart of all this concern.
"I mean, give me a break, it has been militarized for two decades just like space. We're just catching up with it."
Interested in a private Judaic studies instructor for free? Let us know by clicking here.
Every weekday JewishWorldReview.com publishes inspiring articles. Sign up for our daily update. It's free. Just click here.
Comment by clicking here.
© 2011, The Christian Science Monitor. All rights reserved.