Sunday, July 17, 2011

US Defense Cyberspace Strategy

William J. Lynn III, US Deputy Secretary of Defense, released the Department of Defense Strategy for Operating in Cyberspace on 14 July 2011. This 19-page (3.3 Mb PDF) document is a response to recent attacks on US industrial and military on-line infrastructure. The strategy emphasizes cyber defense, but treats cyberspace as an operational domain, like land, sea or air. Defence will be active, that is, looking for possible threats before damage from attacks takes place:

Five Strategic Initiatives for US DoD Operating in Cyberspace
  1. Treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential
  2. Employ new defense operating concepts to protect DoD networks and systems
  3. Partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cybersecurity strategy
  4. Build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity
  5. Leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation

Jeffrey L. Caton, Professor of Cyberspace Operations at the U.S. Army War College, was critical of the strategy:

In the end, it is not clear who is the intended audience and what is the intended message for this strategy. For readers who are already familiar with the ongoing efforts in DoD related to cyberspace, it offers nothing new. For novice readers, it is insufficient in detail and confusing in syntax to be of value. For detractors, its use of imprecise language may offer opportunities to manipulate the intent and further propagate the false notion that the U.S. is militarizing cyberspace—ironically, a concern that Secretary Lynn hoped that the strategy would alleviate.

From: "DoD Strategy for Operating in Cyberspace: Nothing New Here", Jeffrey L. Caton, DIME Blog, 15

This criticism seems overly harsh. While the strategy says nothing new to specialists in cyber-strategy, it does bring together the scattered elements of US military cyber strategy into a more coherent whole and makes it readable for the many in the military and in industry who need to implement it. But as Caton notes, the strategy is incomplete: for example, it does not touch on the doctrine of response, where the USA may use a kinetic response (that is, conventional military weapons) to respond to a cyber-attack.
