Unified Strategy for Net Unleashed

Monday, July 18, 2011 @ 02:07 PM gHale


From manufacturing operations trying to keep plants up and running for maximum profitability to defense contractors fighting off hack attempts, patrolling and safeguarding cyber space from the bad guys must be a kin to policing the old west.

It has gotten to the point where government intervention is getting closer. That is why the Department of Defense (DoD) launched its “DoD Strategy for Operating in Cyberspace (DSOC),” a unified strategy for cyberspace. The plan brings together new strategies for DoD’s military, intelligence and business operations working in the cyber generation.

RELATED STORIES
Public, Private Sectors Partner on Security
Serious Cyberattack at the EC
Report: U.S. Cyber Space Remains Unsecure

“It is critical to strengthen our cyber capabilities to address the cyber threats we’re facing,” said Secretary of Defense Leon E. Panetta. “I view this as an area in which we’re going to confront increasing threats in the future and think we have to be better prepared to deal with the growing cyber challenges that will face the nation.”

Reliable access to cyberspace is critical to U.S. national security, public safety and economic well-being. Cyber threats continue to grow in scope and severity on a daily basis. More than 60,000 malicious software programs or variations hit every day threatening our security, our economy and our citizens.

“The cyber threats we face are urgent, sometimes uncertain and potentially devastating as adversaries constantly search for vulnerabilities,” said Deputy Secretary of Defense William J. Lynn III. “Our infrastructure, logistics network and business systems are heavily computerized. With 15,000 networks and more than seven million computing devices, DoD continues to be a target in cyberspace for malicious activity.”

The DoD and other governmental agencies have taken steps to anticipate, mitigate and deter these threats. Last year, DoD established U.S. Cyber Command to direct the day-to-day activities that operate and defend DoD information networks. DoD also deepened and strengthened coordination with the Department of Homeland Security to secure critical networks as evidenced by the recent DoD-DHS Memorandum of Agreement.

“Strong partnerships with other U.S. government departments and agencies, the private sector and foreign nations are crucial,” said Lynn. “Our success in cyberspace depends on a robust public/private partnership. The defense of the military will matter little unless our civilian critical infrastructure is also able to withstand attacks.”

While DoD’s approach to combating cyber threats signaled a first step in the development of a national cyber warfare strategy, it also raised unanswered questions, including policy issues such as how the U.S. could use the Internet to respond to a cyber threat.

“This is an important first step; it is the first time this has ever been done by the Department of Defense,” said Fred H. Cate, Center for Applied Cybersecurity Research (CACR) director and Distinguished Professor, Indiana University Maurer School of Law. “But it’s still a very traditional and not particularly innovative approach. There are critical legal questions that aren’t asked or answered. For example: When does a cyber attack constitute an act of war and when is a kinetic response justified? What are the limits of DoD involvement in the proposed partnerships with industry and civilian government agencies? How are civil liberties to be protected?”

“The central tension in this strategy is the contrast between the announced scaling up of U.S. military activities in cyberspace with repeated reassurances that these increased and intensified activities do not portend the militarization of cyberspace,” David P. Fidler, Indiana University CACR Fellow, and James P. Calamaras Professor of Law. “The openness and interconnectedness of the Internet suggest that containing rapidly expanding military interest, initiatives, and influence in cyberspace will be a very difficult policy challenge — especially if cyber security failures continue in civilian contexts.”

“The strategy states that sophisticated cyber capabilities reside with nations, allowing the U.S. to respond with military force if threatened,” said Scott Shackelford, CACR Fellow, professor of business law and ethics at Indiana University Kelley School of Business. “But it fails to note how the U.S. will be able to attribute attacks quickly and accurately, or how the U.S. will respond to state-sponsored cyber attacks launched by non-state actors. What will the burden of proof be? The strategy is interesting, but did little to change the overall dynamic or address fundamental legal and technical questions of securing cyberspace.”



Leave a Reply

You must be logged in to post a comment.